
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1541195
MD5: 7204a55ed486cee5061c0518d9f594ac
SHA1: 58eaf918c76803f4405230aaad34582fa1a65a4d
SHA256: f02f2b6cc008e93e49656ee981244e2bc4c6d352dfe1921974ed88fd70c8fe17
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 7292 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7204A55ED486CEE5061C0518D9F594AC)
    • taskkill.exe (PID: 7308 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7412 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7468 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7532 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7596 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7660 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7700 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7716 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7960 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2200 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baac71d5-40f3-4bd6-b9a2-f58f729b2199} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27bffd70310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4960 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 1540 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d14240-9cd3-49bb-8984-b5bc4d0eecb7} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9223cb10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4488 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5340 -prefMapHandle 5352 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {316c6cfb-6661-4d2d-9a1c-1d3edad563fa} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9e0a7110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 7292 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
No Sigma rule has matched
No Suricata rule has matched


    AV Detection

    Source: file.exe | ReversingLabs: Detection: 47%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.4% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52335 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:52343 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52348 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:52359 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:52360 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52363 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:52364 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:52365 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52368 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52370 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52369 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:52371 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60518 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60517 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60519 version: TLS 1.2
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1967590455.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000D.00000003.1996944207.0000027B9146D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1987178609.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1967590455.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1987178609.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, | 0_2_008EDBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008F68EE FindFirstFileW,FindClose, | 0_2_008F68EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, | 0_2_008F698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_008ED076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, | 0_2_008ED3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_008F9642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, | 0_2_008F979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, | 0_2_008F9B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008F5C97 FindFirstFileW,FindNextFileW,FindClose, | 0_2_008F5C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 263MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 151.101.1.91 151.101.1.91
    Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox View | IP Address: 34.160.144.191 34.160.144.191
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (50 identical entries)
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008FCE44 InternetReadFile,SetEvent,GetLastError,SetEvent, | 0_2_008FCE44
    Source: global traffic | HTTP traffic detected (15 identical requests):
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected (15 identical requests):
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000D.00000003.1965032665.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1980251593.0000027B9833B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901492595.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1902587271.0000027B9E6FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949029653.0000027B9E63C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1975837950.0000027B9E63C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1902587271.0000027B9E6FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1839687686.0000027B983D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B983D8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1965032665.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1980251593.0000027B9833B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901492595.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1902587271.0000027B9E6FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949029653.0000027B9E63C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1902587271.0000027B9E6FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1839687686.0000027B983D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA810A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA810A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA810A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1976079440.0000027B9D442000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://a581a2f1-688c-434b-8db8-16166b1993d9/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1965032665.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1980251593.0000027B9833B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901492595.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000D.00000003.1986140401.0000027B9370A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.1986140401.0000027B9370A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com5 equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000D.00000003.2001442583.0000027B90E60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1845554856.0000027B90584000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
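A caveat a practitioner wants on the "Connects to many different domains" signature above: every DNS query in this block is attributable to the firefox.exe processes the sandbox observed, not to file.exe itself. The mozgcp.net, detectportal.firefox.com, balrog, normandy, shavar, push, remote-settings and contile hosts are Mozilla's own startup infrastructure, ipv4only.arpa is the RFC 7050 NAT64 probe, and youtube.com, facebook.com, wikipedia.org, reddit.com, twitter.com and amazon.com are Firefox's default new-tab tiles (the same list that appears in the "String found in binary or memory" hits above). None of them should be lifted into an IoC list as C2. The script below is an added example, not Joe Sandbox code and not part of this report: it parses the two kinds of report lines shown on this page, extracts hostnames from "DNS query:" entries and from URLs in memory-string hits, and buckets them so only unexplained hosts reach an analyst. The sample input is a constructed subset of the lines above; the two allowlists are analyst-maintained assumptions, not something Joe Sandbox publishes.

```python
"""Triage the 'Connects to many different domains' signature of a Joe Sandbox report.

Added example, not part of Joe Sandbox or of the report it accompanies. It separates
DNS queries and in-memory URL hits that Firefox generates on its own from anything an
analyst still has to look at. Both allowlists below are analyst-maintained assumptions.
"""
import re
from collections import defaultdict

# Constructed input: a subset of lines copied from the report section above.
REPORT_LINES = """\
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: youtube.com
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
"""

# Assumption: Mozilla-operated services Firefox contacts by itself at startup.
BROWSER_INFRA_SUFFIXES = (
    "mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net",
    "firefox.com", "getpocket.com",
    "example.org",     # Firefox network connectivity check target
    "ipv4only.arpa",   # RFC 7050 NAT64 prefix discovery
)

# Assumption: default new-tab "top sites" tiles and the CDN hostnames they resolve to.
TOP_SITE_HOSTS = {
    "youtube.com", "www.youtube.com", "youtube-ui.l.google.com",
    "www.facebook.com", "star-mini.c10r.facebook.com",
    "www.wikipedia.org", "dyna.wikimedia.org",
    "www.reddit.com", "reddit.map.fastly.net",
    "twitter.com", "www.amazon.com",
}

DNS_QUERY_RE = re.compile(r"DNS query:\s*([A-Za-z0-9.-]+)")
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def _has_suffix(host: str, suffix: str) -> bool:
    """Match on DNS label boundaries so 'notmozilla.com' is not treated as Mozilla."""
    return host == suffix or host.endswith("." + suffix)


def classify(host: str) -> str:
    """Return 'browser_infra', 'browser_topsites' or 'review' for one hostname."""
    host = host.lower().rstrip(".")
    if any(_has_suffix(host, s) for s in BROWSER_INFRA_SUFFIXES):
        return "browser_infra"
    if host in TOP_SITE_HOSTS:
        return "browser_topsites"
    return "review"


def extract_hosts(lines: str) -> dict[str, set[str]]:
    """Pull hostnames out of 'DNS query:' lines and out of URLs in memory-string hits."""
    hosts: dict[str, set[str]] = {"dns": set(), "memory": set()}
    for line in lines.splitlines():
        m = DNS_QUERY_RE.search(line)
        if m:
            hosts["dns"].add(m.group(1).lower())
            continue
        if "String found in binary or memory:" in line:
            hosts["memory"].update(h.lower() for h in URL_HOST_RE.findall(line))
    return hosts


def triage(lines: str) -> dict[str, list[str]]:
    """Bucket every observed hostname; only the 'review' bucket needs an analyst."""
    buckets: dict[str, set[str]] = defaultdict(set)
    for hosts in extract_hosts(lines).values():
        for h in hosts:
            buckets[classify(h)].add(h)
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for bucket, hosts in triage(REPORT_LINES).items():
        print(f"{bucket} ({len(hosts)})")
        for h in hosts:
            print("   ", h)
```

Run against the lines on this page the "review" bucket comes out empty, which is the point: the domain count that triggered the signature is explained entirely by the browser the sample launched. Suffix matching is done on label boundaries deliberately, so a lookalike such as notmozilla.com still lands in "review" rather than being silently allowlisted.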
    Source: firefox.exe, 0000000D.00000003.1991864315.0000027B998D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: firefox.exe, 0000000D.00000003.1969606782.0000027B93703000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970828909.0000027B93703000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968683942.0000027B93703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microso
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000D.00000003.1952968875.0000027B982B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953643379.0000027B97ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000D.00000003.2004709908.0000027B913D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1995796675.0000027B9317A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000D.00000003.1997502934.0000027B913F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000D.00000003.1965446812.0000027B86B2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w
    Source: firefox.exe, 0000000D.00000003.1939168525.0000027B90CCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000D.00000003.1934120641.0000027B903E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920914632.0000027B9124A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864996348.0000027B90BFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921924946.0000027B981F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954381661.0000027B927A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967038153.0000027B90DF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953825728.0000027B97AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1987265691.0000027B8FA4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90F97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864996348.0000027B90BD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858656546.0000027B9124D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906076558.0000027B97DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1859456375.0000027B90BE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90FA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1908546635.0000027B903AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1995796675.0000027B93195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1940575063.0000027B97DDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971346805.0000027B98191000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906631256.0000027B91242000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000D.00000003.1954381661.0000027B92793000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0.
    Source: firefox.exe, 0000000D.00000003.1954381661.0000027B92793000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: gmpopenh264.dll.tmp.13.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000D.00000003.1980687061.0000027B97B73000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000D.00000003.1843216979.0000027B91C79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954226859.0000027B97A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957436538.0000027B922B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1840959929.0000027B91EB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1840224173.0000027B93195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949071904.0000027B9E02A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1957200179.0000027B922E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1840224173.0000027B931DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903878919.0000027B9E02A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1843216979.0000027B91C23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000D.00000003.1957200179.0000027B922E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
    Source: mozilla-temp-41.13.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000D.00000003.1994781019.0000027B98240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000D.00000003.1952187947.0000027B98391000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1839687686.0000027B983B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000D.00000003.1862238427.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1929327118.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1893320286.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1947152560.0000027B91223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1918733183.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1840959929.0000027B91E83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1944720759.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1945829689.0000027B90B30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1946682679.0000027B90B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1863451704.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861620704.0000027B9219F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1861795929.0000027B921A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903991128.0000027B9E016000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953643379.0000027B97ED9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000D.00000003.1996944207.0000027B9146D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B91464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1982202965.0000027B9146B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000D.00000003.1845554856.0000027B90584000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90584000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000D.00000003.1956322058.0000027B92530000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://amazon.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000D.00000003.1952187947.0000027B98391000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000D.00000003.1903546514.0000027B9E0A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903546514.0000027B9E0BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864610755.0000027B90B83000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864610755.0000027B90B8F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864610755.0000027B90B8F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864610755.0000027B90B8F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B99831000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000D.00000003.1952187947.0000027B98391000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1846346293.0000027B901AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000D.00000003.1903546514.0000027B9E0BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000D.00000003.1981325074.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B914BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
    Source: firefox.exe, 0000000D.00000003.1981325074.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000D.00000003.1911239593.0000027B90F9E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90FFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1846346293.0000027B901AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000711344.0000027B90EA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000D.00000003.1961044102.0000027B913D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B914BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
    Source: firefox.exe, 00000012.00000002.2992752954.000002D67F013000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1847405299.0000027B994EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849207476.0000027B90CF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000D.00000003.1950428712.0000027B9D27A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1901492595.0000027B9E985000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1950428712.0000027B9D25D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000012.00000002.2992752954.000002D67F013000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA812F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F030000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000D.00000003.1839687686.0000027B983B9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000D.00000003.1965032665.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901492595.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000D.00000003.1980251593.0000027B9833B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000D.00000003.1997098745.0000027B91446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B91449000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B91464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1982202965.0000027B9146B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 0000000D.00000003.1839687686.0000027B983D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B983D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.13.dr String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000012.00000002.2992752954.000002D67F0F6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/014f9b47-818f-45ef-9059-95df8
    Source: firefox.exe, 0000000D.00000003.1961044102.0000027B913DE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/73d43376-795b-4c8b-98e0-b8b0
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1835131625.0000027B99865000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1993643563.0000027B99863000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 0000000D.00000003.1836148184.0000027B905E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1846346293.0000027B901AA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1837676998.0000027B90576000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000D.00000003.1955264844.0000027B9272D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000D.00000003.1903546514.0000027B9E0BB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000012.00000002.2992752954.000002D67F08F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF28472000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA8186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestabout
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1856301327.0000027B9124D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1973566297.0000027B93708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ok.ru/
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000D.00000003.1856301327.0000027B9124D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
    Source: firefox.exe, 0000000D.00000003.1856301327.0000027B9124D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
    Source: firefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000D.00000003.1980418885.0000027B98316000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1995796675.0000027B931DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000D.00000003.1991864315.0000027B998D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000D.00000003.2003833819.0000027B91487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B91486000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981325074.0000027B91487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B91487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000D.00000003.1991864315.0000027B998D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000D.00000003.1991864315.0000027B998D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000D.00000003.1911239593.0000027B90F9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000D.00000003.1903546514.0000027B9E053000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000D.00000003.1961044102.0000027B913D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000D.00000003.1979612071.0000027B99BB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1958958141.0000027B91486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1982202965.0000027B9146B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981325074.0000027B91487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B91487000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1958958141.0000027B91486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000D.00000003.1845554856.0000027B90576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
    Source: firefox.exe, 0000000D.00000003.1845554856.0000027B90576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 00000012.00000002.2992752954.000002D67F013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000D.00000003.1835048683.0000027B998FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA8186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000D.00000003.1845554856.0000027B90584000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90584000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000D.00000003.1903546514.0000027B9E0BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949071904.0000027B9E02A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1956543226.0000027B924D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1903878919.0000027B9E02A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000D.00000003.1903878919.0000027B9E01F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000580970.0000027B9131D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1964286173.0000027B9EDC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949071904.0000027B9E01F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1974819365.0000027B9EDC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000D.00000003.1912400358.0000027B926BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000D.00000003.1838476502.0000027B9C19C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951389456.0000027B9C19C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1990662035.0000027B9C19C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000D.00000003.1952968875.0000027B982B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000D.00000003.1975837950.0000027B9E63C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1845554856.0000027B90576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90FFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000D.00000003.1973396387.0000027B8D474000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.13.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000D.00000003.1952187947.0000027B98387000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000D.00000003.1830673064.0000027B98406000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000D.00000003.1953535082.0000027B97EF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000D.00000003.1961044102.0000027B913D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000D.00000003.1856301327.0000027B9124D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000D.00000003.1856301327.0000027B9124D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000D.00000003.1958259972.0000027B91DF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
    Source: firefox.exe, 0000000D.00000003.1847405299.0000027B994EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1849207476.0000027B90CF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B98586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.13.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000D.00000003.1994293253.0000027B98586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000D.00000003.1903206092.0000027B9E692000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000D.00000003.1975837950.0000027B9E63C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000D.00000003.1976118633.0000027B9D27A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953109692.0000027B982A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1950428712.0000027B9D27A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000D.00000003.1993643563.0000027B9981A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 0000000D.00000003.1952968875.0000027B982BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA810A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000D.00000003.1957160943.0000027B922F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1838476502.0000027B9C14C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B91474000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1834437755.0000027B9C14C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000D.00000003.1956543226.0000027B92419000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.13.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000012.00000002.2995648780.000002D67F150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 00000010.00000002.2992559767.0000015DA80D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigf(_m
    Source: firefox.exe, 0000000D.00000003.1903991128.0000027B9E016000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1949071904.0000027B9E01F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1929327118.0000027B9212E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993515609.000002CF283A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2992397630.000002CF281CA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2992559767.0000015DA80D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2991041437.0000015DA7D5A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2991041437.0000015DA7D50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992138097.000002D67ED0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2995648780.000002D67F154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000B.00000002.1775364146.00000208CA967000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1782448961.00000262A1D39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000012.00000002.2992138097.000002D67ED00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdA
    Source: firefox.exe, 0000000F.00000002.2993515609.000002CF283A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2992397630.000002CF281C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2992559767.0000015DA80D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2991041437.0000015DA7D50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2995648780.000002D67F154000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992138097.000002D67ED00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 0000000F.00000002.2992397630.000002CF281CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdNjx
    Source: firefox.exe, 00000012.00000002.2992138097.000002D67ED0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdU
    Source: firefox.exe, 0000000F.00000002.2992397630.000002CF281C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdZjx
    Source: unknown Network traffic detected: HTTP traffic on port 52368 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52349 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52358
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52359
    Source: unknown Network traffic detected: HTTP traffic on port 52345 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52361 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52339 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52364 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60496
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52361
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52362
    Source: unknown Network traffic detected: HTTP traffic on port 60517 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52360
    Source: unknown Network traffic detected: HTTP traffic on port 52358 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52371 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52335 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52365
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52366
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52363
    Source: unknown Network traffic detected: HTTP traffic on port 52369 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52364
    Source: unknown Network traffic detected: HTTP traffic on port 52362 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52369
    Source: unknown Network traffic detected: HTTP traffic on port 52348 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52367
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52368
    Source: unknown Network traffic detected: HTTP traffic on port 52365 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52373
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52370
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52371
    Source: unknown Network traffic detected: HTTP traffic on port 60518 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52359 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52338 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 60887 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52351 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52338
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52339
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60519
    Source: unknown Network traffic detected: HTTP traffic on port 52347 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52336
    Source: unknown Network traffic detected: HTTP traffic on port 52363 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52343 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52335
    Source: unknown Network traffic detected: HTTP traffic on port 52340 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52366 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52340
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60518
    Source: unknown Network traffic detected: HTTP traffic on port 60519 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60517
    Source: unknown Network traffic detected: HTTP traffic on port 60710 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52350 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52373 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60710
    Source: unknown Network traffic detected: HTTP traffic on port 60496 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52349
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52343
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52347
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52348
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52345
    Source: unknown Network traffic detected: HTTP traffic on port 52360 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52367 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52350
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52351
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60889
    Source: unknown Network traffic detected: HTTP traffic on port 60889 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60887
    Source: unknown Network traffic detected: HTTP traffic on port 52370 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 52336 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 60885 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 60885
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52335 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:52343 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52348 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:52359 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:52360 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52363 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:52364 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.4:52365 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52368 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52370 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:52369 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:52371 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60518 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60517 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60519 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00919576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.memstr_1548127e-e
    Source: file.exe, 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_04b60d5e-6
    Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.memstr_fbd78fa5-2
    Source: file.exe String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_e385de53-5
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA86E9FB7 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA87045F2 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008ED5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F2046
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00888060
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E8298
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008BE4FF
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B676B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00914873
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008ACAA0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0088CAF0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0089CC39
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B6DD9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008891C0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0089B119
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A1394
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A1706
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A781B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A19B0
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00887920
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0089997D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A7A4A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A7CA7
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A1C77
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B9EEE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090BE44
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A1F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA86E9FB7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA87045F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA8704632
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA8704D1C
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 0089F9F2 appears 31 times
    Source: C:\Users\user\Desktop\file.exe Code function: String function: 008A0A30 appears 46 times
    Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal72.troj.evad.winEXE@34/36@68/12
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F37B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E10BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008ED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7316:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7604:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000D.00000003.1901492595.0000027B9E94E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000D.00000003.1965032665.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1901492595.0000027B9E98E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000D.00000003.1975706133.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1948866869.0000027B9E655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exe ReversingLabs: Detection: 47%
    Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2200 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baac71d5-40f3-4bd6-b9a2-f58f729b2199} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27bffd70310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 1540 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d14240-9cd3-49bb-8984-b5bc4d0eecb7} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9223cb10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5340 -prefMapHandle 5352 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {316c6cfb-6661-4d2d-9a1c-1d3edad563fa} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9e0a7110 utility
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2200 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baac71d5-40f3-4bd6-b9a2-f58f729b2199} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27bffd70310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 1540 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d14240-9cd3-49bb-8984-b5bc4d0eecb7} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9223cb10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5340 -prefMapHandle 5352 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {316c6cfb-6661-4d2d-9a1c-1d3edad563fa} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9e0a7110 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: unknown unknown
    Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000D.00000003.1967590455.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000D.00000003.1996944207.0000027B9146D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000D.00000003.1987178609.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.13.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000D.00000003.1967590455.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000D.00000003.1987178609.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008842DE
    Source: gmpopenh264.dll.tmp.13.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A0A76 push ecx; ret 0_2_008A0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0089F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0089F98E
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00911C41
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA86E9FB7 rdtsc 16_2_0000015DA86E9FB7
    Source: C:\Users\user\Desktop\file.exe API coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008EDBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F68EE FindFirstFileW,FindClose,0_2_008F68EE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_008F698F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008ED076
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008ED3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_008F9642
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_008F979D
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_008F9B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_008F5C97
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008842DE
    Source: firefox.exe, 0000000F.00000002.2992397630.000002CF281CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3jx
    Source: firefox.exe, 0000000F.00000002.2997279129.000002CF28940000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\
    Source: firefox.exe, 0000000F.00000002.2992397630.000002CF281CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp#
    Source: firefox.exe, 0000000F.00000002.2992397630.000002CF281CA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2995850345.0000015DA8590000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996073379.000002D67F160000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992138097.000002D67ED0A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 0000000F.00000002.2996517759.000002CF28521000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.2995850345.0000015DA85A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
    Source: firefox.exe, 00000010.00000002.2991041437.0000015DA7D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWplY
    Source: firefox.exe, 00000010.00000002.2995850345.0000015DA85A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
    Source: firefox.exe, 0000000F.00000002.2997279129.000002CF28940000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2995850345.0000015DA85A1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000015DA86E9FB7 rdtsc 16_2_0000015DA86E9FB7
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FEAA2 BlockInput,0_2_008FEAA2
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B2622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008842DE
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A4CE8 mov eax, dword ptr fs:[00000030h] 0_2_008A4CE8
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008E0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B2622
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008A083F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A09D5 SetUnhandledExceptionFilter,0_2_008A09D5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008A0C21
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_008E1201
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008C2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008C2BA5
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008EB226 SendInput,keybd_event,0_2_008EB226
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009022DA
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008E0B62
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_008E1663
    Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000D.00000003.1977415241.0000027B9370F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008A0698 cpuid 0_2_008A0698
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008F8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_008F8195
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008DD27A GetUserNameW,0_2_008DD27A
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008BBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_008BBB6F
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008842DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: file.exe PID: 7292, type: MEMORYSTR
    Source: file.exe Binary or memory string: WIN_81
    Source: file.exe Binary or memory string: WIN_XP
    Source: file.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe Binary or memory string: WIN_XPe
    Source: file.exe Binary or memory string: WIN_VISTA
    Source: file.exe Binary or memory string: WIN_7
    Source: file.exe Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: file.exe PID: 7292, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00901204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00901204
    Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00901806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00901806
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    (A number in front of a technique name is the count badge the matrix shows for techniques matched in this analysis; cells without a number are the matrix's unmatched default entries.)
    Behavior Graph ID: 1541195 Sample: file.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 72
    Signatures on the sample: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures
    DNS/IP (sample level): youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
    Process tree (from the behavior graph):
    file.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection) started taskkill.exe (3 instances) and 3 other processes; each taskkill.exe started a conhost.exe, and the other processes started two further conhost.exe instances
    firefox.exe started a child firefox.exe, which started 3 further firefox.exe instances
    Child firefox.exe network: youtube.com 142.250.186.110, 443, 52340, 60887 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 52341, 52342, 60888 GOOGLEUS United States; 10 other IPs or domains
    Child firefox.exe dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+

    Source | Detection | Scanner | Label | Link
    file.exe | 47% | ReversingLabs | Win32.Trojan.CredentialFlusher |
    file.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://monitor.firefox.com/about0%URL Reputationsafe
    https://account.bellmedia.c0%URL Reputationsafe
    https://login.microsoftonline.com0%URL Reputationsafe
    https://coverage.mozilla.org0%URL Reputationsafe
    http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
    https://www.zhihu.com/0%URL Reputationsafe
    https://infra.spec.whatwg.org/#ascii-whitespace0%URL Reputationsafe
    https://blocked.cdn.mozilla.net/0%URL Reputationsafe
    https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored0%URL Reputationsafe
    https://json-schema.org/draft/2019-09/schema0%URL Reputationsafe
    http://developer.mozilla.org/en/docs/DOM:element.addEventListener0%URL Reputationsafe
    https://duckduckgo.com/?t=ffab&q=0%URL Reputationsafe
    https://profiler.firefox.com0%URL Reputationsafe
    https://outlook.live.com/default.aspx?rru=compose&to=%s0%URL Reputationsafe
    https://bugzilla.mozilla.org/show_bug.cgi?id=7938690%URL Reputationsafe
    https://mozilla.cloudflare-dns.com/dns-query0%URL Reputationsafe
    https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings20%URL Reputationsafe
    https://bugzilla.mozilla.org/show_bug.cgi?id=16784480%URL Reputationsafe
    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%URL Reputationsafe
    https://contile.services.mozilla.com/v1/tiles0%URL Reputationsafe
    https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/0%URL Reputationsafe
    https://monitor.firefox.com/user/preferences0%URL Reputationsafe
    https://screenshots.firefox.com/0%URL Reputationsafe
    https://truecolors.firefox.com/0%URL Reputationsafe
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report0%URL Reputationsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false |  | unknown
star-mini.c10r.facebook.com | 157.240.252.35 | true | false |  | unknown
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false |  | unknown
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false |  | unknown
twitter.com | 104.244.42.1 | true | false |  | unknown
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false |  | unknown
services.addons.mozilla.org | 151.101.1.91 | true | false |  | unknown
dyna.wikimedia.org | 185.15.59.224 | true | false |  | unknown
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false |  | unknown
contile.services.mozilla.com | 34.117.188.166 | true | false |  | unknown
youtube.com | 142.250.186.110 | true | false |  | unknown
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false |  | unknown
youtube-ui.l.google.com | 172.217.23.110 | true | false |  | unknown
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false |  | unknown
reddit.map.fastly.net | 151.101.193.140 | true | false |  | unknown
ipv4only.arpa | 192.0.0.171 | true | false |  | unknown
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false |  | unknown
push.services.mozilla.com | 34.107.243.93 | true | false |  | unknown
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false |  | unknown
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false |  | unknown
www.reddit.com | unknown | unknown | false |  | unknown
spocs.getpocket.com | unknown | unknown | false |  | unknown
content-signature-2.cdn.mozilla.net | unknown | unknown | false |  | unknown
support.mozilla.org | unknown | unknown | false |  | unknown
firefox.settings.services.mozilla.com | unknown | unknown | false |  | unknown
www.youtube.com | unknown | unknown | false |  | unknown
www.facebook.com | unknown | unknown | false |  | unknown
detectportal.firefox.com | unknown | unknown | false |  | unknown
normandy.cdn.mozilla.net | unknown | unknown | false |  | unknown
shavar.services.mozilla.com | unknown | unknown | false |  | unknown
www.wikipedia.org | unknown | unknown | false |  | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false |  | unknown
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0C4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000D.00000003.1903546514.0000027B9E0BB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.mozilla.com0 | gmpopenh264.dll.tmp.13.dr | false | URL Reputation: safe | unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | false | URL Reputation: safe | unknown
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000012.00000002.2992752954.000002D67F08F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.leboncoin.fr/ | firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://spocs.getpocket.com/spocs | firefox.exe, 0000000D.00000003.1835048683.0000027B998FD000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://shavar.services.mozilla.com | firefox.exe, 0000000D.00000003.1961044102.0000027B913D3000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000D.00000003.1845554856.0000027B90584000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90584000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 0000000D.00000003.1994293253.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1979912365.0000027B985E1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/breach-details/ | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
http://crl.microso | firefox.exe, 0000000D.00000003.1969606782.0000027B93703000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1970828909.0000027B93703000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1968683942.0000027B93703000.00000004.00000020.00020000.00000000.sdmp | false |  | unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1845554856.0000027B90576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1837676998.0000027B90576000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90FFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://www.msn.com | firefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://github.com/mozilla-services/screenshots | firefox.exe, 0000000D.00000003.1788557536.0000027B8F800000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1792805832.0000027B8FA5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://youtube.com/ | firefox.exe, 0000000D.00000003.1956543226.0000027B92419000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 | firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | false |  | unknown
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.instagram.com/ | firefox.exe, 0000000D.00000003.1856301327.0000027B9124D000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://api.accounts.firefox.com/v1 | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ok.ru/ | firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.amazon.com/ | firefox.exe, 0000000D.00000003.1975837950.0000027B9E63C000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false |  | unknown
https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2 | firefox.exe, 0000000D.00000003.1958958141.0000027B91486000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc | firefox.exe, 0000000D.00000003.1981325074.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914B7000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | false |  | unknown
https://www.youtube.com/ | firefox.exe, 0000000D.00000003.1952968875.0000027B982BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA810A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F00C000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601 | firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.bbc.co.uk/ | firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
https://addons.mozilla.org/firefox/addon/to-google-translate/ | firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmp | false |  | unknown
                                                                                              https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000D.00000003.1994903965.0000027B9803F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2992752954.000002D67F0C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              http://127.0.0.1:firefox.exe, 0000000D.00000003.1991864315.0000027B998D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000D.00000003.1911239593.0000027B90F9E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://bugzilla.mofirefox.exe, 0000000D.00000003.1979912365.0000027B98586000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://youtube.com/account?=recovery.jsonlz4.tmp.13.drfalse
                                                                                                  unknown
                                                                                                  https://shavar.services.mozilla.com/firefox.exe, 0000000D.00000003.1979612071.0000027B99BB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000D.00000003.1981325074.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2003833819.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.2000063505.0000027B914C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958958141.0000027B914C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://spocs.getpocket.com/firefox.exe, 00000012.00000002.2992752954.000002D67F013000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://www.iqiyi.com/firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://addons.mozilla.org/firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://merino.services.mozilla.com/api/v1/suggestaboutfirefox.exe, 0000000F.00000002.2993914148.000002CF28472000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA8186000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864610755.0000027B90B83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://monitor.firefox.com/aboutfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://mozilla.org/MPL/2.0/.firefox.exe, 0000000D.00000003.1934120641.0000027B903E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1920914632.0000027B9124A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864996348.0000027B90BFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1921924946.0000027B981F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954381661.0000027B927A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967038153.0000027B90DF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1953825728.0000027B97AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1987265691.0000027B8FA4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90F97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864996348.0000027B90BD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1858656546.0000027B9124D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906076558.0000027B97DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1859456375.0000027B90BE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90FA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1908546635.0000027B903AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1995796675.0000027B93195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1911239593.0000027B90F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000D.00000003.1940575063.0000027B97DDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1971346805.0000027B98191000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1906631256.0000027B91242000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://account.bellmedia.cfirefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://login.microsoftonline.comfirefox.exe, 0000000D.00000003.1955264844.0000027B9272D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1954381661.0000027B927BB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://coverage.mozilla.orgfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.13.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.zhihu.com/firefox.exe, 0000000D.00000003.1835531383.0000027B99845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1958259972.0000027B91D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1952187947.0000027B98367000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000D.00000003.1921924946.0000027B981B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://blocked.cdn.mozilla.net/firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000D.00000003.1835131625.0000027B99865000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1993643563.0000027B99863000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000000D.00000003.1994903965.0000027B980DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1905185709.0000027B980DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://duckduckgo.com/?t=ffab&q=firefox.exe, 0000000D.00000003.1961044102.0000027B913D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://profiler.firefox.comfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1864610755.0000027B90B8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000D.00000003.1838476502.0000027B9C19C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1951389456.0000027B9C19C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1990662035.0000027B9C19C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000D.00000003.1893320286.0000027B92185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1896184262.0000027B90342000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000D.00000003.1795973935.0000027B8F633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1967470298.0000027B8F634000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/ | firefox.exe, 0000000D.00000003.1979912365.0000027B9851E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1994293253.0000027B98517000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg | firefox.exe, 0000000F.00000002.2993914148.000002CF284B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2993056886.0000015DA81F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.2996275518.000002D67F303000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.13.dr | false | URL Reputation: safe | unknown
https://contile.services.mozilla.com/v1/tiles | firefox.exe, 0000000D.00000003.1846346293.0000027B901AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.amazon.co.uk/ | firefox.exe, 0000000D.00000003.1835666242.0000027B99817000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | firefox.exe, 0000000D.00000003.1950428712.0000027B9D25D000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/user/preferences | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://screenshots.firefox.com/ | firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://truecolors.firefox.com/ | firefox.exe, 0000000D.00000003.1903435847.0000027B9E0FA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.google.com/search | firefox.exe, 0000000D.00000003.1953535082.0000027B97EF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1791835418.0000027B8FA3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1793483762.0000027B8FA77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000003.1789662535.0000027B8FA1F000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://relay.firefox.com/api/v1/ | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://topsites.services.mozilla.com/cid/ | firefox.exe, 0000000F.00000002.2993297756.000002CF28330000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2996158958.0000015DA8690000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.2992399402.000002D67EE10000.00000002.10000000.00040000.00000000.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
142.250.186.110 | youtube.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1541195
Start date and time: 2024-10-24 15:08:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/36@68/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 40
• Number of non-executed functions: 309
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 34.208.54.237, 52.13.186.250, 44.231.229.39, 142.250.186.174, 2.22.61.59, 2.22.61.56, 2.18.121.79, 2.18.121.72, 142.250.186.74, 142.250.186.106
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
09:09:14 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
151.101.1.91 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
34.160.144.191 | file.exe | malicious | Credential Flusher
Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.65
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 104.244.42.1
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 104.244.42.65
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 104.244.42.193
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 104.244.42.193
                                                                                                                                                                                                        services.addons.mozilla.orgfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        star-mini.c10r.facebook.comhttps://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 157.240.251.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.253.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.0.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.0.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.0.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.0.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.0.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.251.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.253.35
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 157.240.251.35
ASN matches

Match | Associated Sample Name / URL | Detection | Threat Name | Context
FASTLY (US) | https://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03 | malicious | Unknown | 151.101.2.137
FASTLY (US) | https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL/ | malicious | Unknown | 151.101.130.137
FASTLY (US) | https://1drv.ms/o/c/3e563d3fb2a98d1c/Emlo5KUbYYNEvKtIF-7SS0EBYSeT3hOOGuv_MbeT-n2y4g?e=HPjqUn | malicious | HtmlDropper | 151.101.66.137
FASTLY (US) | file.exe | malicious | Credential Flusher | 151.101.193.91
FASTLY (US) | file.exe | malicious | Credential Flusher | 151.101.65.91
FASTLY (US) | attachment(1).eml | malicious | Unknown | 199.232.188.157
FASTLY (US) | file.exe | malicious | Credential Flusher | 151.101.1.91
FASTLY (US) | file.exe | malicious | Credential Flusher | 151.101.1.91
FASTLY (US) | PO 635614 635613_CQDM.html | malicious | HTMLPhisher | 151.101.129.229
FASTLY (US) | https://landsmith.ae/continue.html | malicious | HTMLPhisher | 151.101.194.137
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | kQyd2z80gD.exe | malicious | DCRat | 34.117.59.81
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
ATGS-MMD-AS (US) | https://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03 | malicious | Unknown | 34.155.67.112
ATGS-MMD-AS (US) | file.exe | malicious | Credential Flusher | 34.160.144.191
ATGS-MMD-AS (US) | file.exe | malicious | Credential Flusher | 34.160.144.191
ATGS-MMD-AS (US) | file.exe | malicious | Credential Flusher | 34.160.144.191
ATGS-MMD-AS (US) | file.exe | malicious | Credential Flusher | 34.160.144.191
ATGS-MMD-AS (US) | gNubpp8EFH.elf | malicious | Mirai | 51.129.30.184
ATGS-MMD-AS (US) | fOTHzKNyyk.elf | malicious | Mirai | 57.45.185.202
ATGS-MMD-AS (US) | 5tSAlF2WkT.elf | malicious | Mirai | 51.209.232.2
ATGS-MMD-AS (US) | ai3eCONS9Q.elf | malicious | Mirai | 51.228.195.88
ATGS-MMD-AS (US) | jade.x86.elf | malicious | Mirai | 34.179.66.151
                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                        fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
Associated Sample Name / URL: file.exe
Detection: malicious
Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
Match: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Associated Sample Name / URL: file.exe
Detection: malicious
Threat Name: Credential Flusher
Match: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Associated Sample Name / URL: file.exe
Detection: malicious
Threat Name: Credential Flusher
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7813
Entropy (8bit): 5.178741981324005
Encrypted: false
SSDEEP: 192:HjMXlRycbhbVbTbfbRbObtbyEl7nMrkJA6WnSrDtTUd/SkDrWw:HYqcNhnzFSJsr3BnSrDhUd/J
MD5: D55E50A0C31931B574D91022EDAB7B35
SHA1: 9F73CDCF6DB0BBBDBDB2AEB2AA962E31DAD43DB4
SHA-256: 857758237D5D05E810AE5E464AC062D1EA033F97FB483B78E8836CCFB6C314F7
SHA-512: E2FC10434C2D92B841AE88C4733925C2FD2CFF3F76F1147D7855053B8CC39CCD48E61A05B861C3B8E743B867C6D54EC8A0BE0301826833CE4F007B4642FFA72E
Malicious: false
Preview: {"type":"uninstall","id":"cb7cba75-108e-4320-8151-e5d50e5987e9","creationDate":"2024-10-24T15:04:24.426Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"65e71c9e-6ac3-4903-9066-b134350de32c","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Preview: ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false
Preview: PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.924274845642667
Encrypted:false
SSDEEP:96:8S+OfJQPUFpOdwNIOdYVjvYcXaNLUqGk8P:8S+OBIUjOdwiOdYVjjwLnGk8P
MD5:4BF04296A6EDEAA55CFA6ED4E8C3AECE
SHA1:E3DB5046BCA145F6A0823029C020F7FC489F864A
SHA-256:4ABE85A6F1AD890E7594C41A3CAD4FC2E517A8C729B31F1D4823259295665E53
SHA-512:EF90341F57F2D4B77CA2416714488E2FBFE3D04EDEC78F13A56D6ED9826C81FA555AFD8241B097376E46A33FD323A025B39AD9045BCD422F59FE3B9CE35E45F8
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 23432 bytes
Category:dropped
Size (bytes):5312
Entropy (8bit):6.615424734763731
Encrypted:false
SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
MD5:1B9C8056D3619CE5A8C59B0C09873F17
SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious:false
Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905391753567332
Encrypted:false
SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
MD5:DD9D28E87ED57D16E65B14501B4E54D1
SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):66
                                                                                                                                                                                                                                                Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185924656884556
Encrypted:false
SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
MD5:5656BA69BD2966108A461AAE35F60226
SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1021904
                                                                                                                                                                                                                                                Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):116
                                                                                                                                                                                                                                                Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):116
                                                                                                                                                                                                                                                Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                Entropy (8bit):0.07331055841493536
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkimg:DLhesh7Owd4+ji
                                                                                                                                                                                                                                                MD5:317676718AD4205E7F4F6AEFA164A4C4
                                                                                                                                                                                                                                                SHA1:89C5B7B28F7379DEB4100A54BEB6AF5A0CB2B840
                                                                                                                                                                                                                                                SHA-256:77678587018C6D1510BCBB1AC2E15B8D99A09EF80F6A3314C4FD8D0B5A0B5AF8
                                                                                                                                                                                                                                                SHA-512:A0D29E7B19C7BCD2C685F425027208C7E6F8B8E991D8F51A25B2A10CBD9C3A734971A4DA889A634A985B0A139AC83FE316D8E138D6F888D310470A098928D8A7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):0.03527348911229007
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:GtlstFWwqjOCGtlstFWwqjOC789//alEl:GtWtUbOCGtWtUbOC789XuM
                                                                                                                                                                                                                                                MD5:60775D8D367979BDF3D9B7CEAEE2760C
                                                                                                                                                                                                                                                SHA1:2F4E20B0906E27B056028A09276F5099253C0615
                                                                                                                                                                                                                                                SHA-256:C179471D6F7D8599F12B78C653DF4955E670859CA77533E0FD6AB4D2C3F4C826
                                                                                                                                                                                                                                                SHA-512:A4BD7149260D1148C5A8BAEE8A5E4582097B76491A4F4CB0FF35C1111EADDE809A88953F9A12D31514A971B1A95963BAA90A670A37BC2B4437571D7ED4FB4C5F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:..-...........................C...0A....9........-...........................C...0A....9..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32824
                                                                                                                                                                                                                                                Entropy (8bit):0.03955853810435866
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:Ol1wPNf9Ljomr9h7l8rEXsxdwhml8XW3R2:K2P3LUmrLl8dMhm93w
                                                                                                                                                                                                                                                MD5:F1F4D5AA25ACDF575446FEBCF407C7F7
                                                                                                                                                                                                                                                SHA1:26ABE5BCA0586FBB2BB7EA498EFF4F8761BEBB23
                                                                                                                                                                                                                                                SHA-256:0C5F4755CDF107F79E975DA9BB9D62F28F3A21ED9FD758014FD2003E5CCFD4C0
                                                                                                                                                                                                                                                SHA-512:09DBC29F766EE1A06628097889FF615BDE0ACFADF3D9ABAB0D42AD6A8F9C09E7D8A45777C1EC05125193FD380D6EC977DA794908DD6D1F45A526D78C988A8C2C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:7....-............0A.........lJt..........0A.........C.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
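Added example, not part of the Joe Sandbox report or its tooling. The File Type, Entropy (8bit) and hash fields in the records above are all derivable from the dropped bytes alone, and reproducing them offline is a useful check when a dropped file has to be re-identified or de-duplicated outside the sandbox. The script parses the three header formats present in this part of the listing: the PE32+ DLL (MZ stub, e_lfanew, COFF Machine and Characteristics, optional-header Magic and Subsystem), the SQLite main-database header (user version, page size, change counter, page count, schema cookie and format, text encoding, version-valid-for and the writing library version 3042000) and the SQLite write-ahead log header (magic plus format version 3007000); it also computes 8-bit Shannon entropy and the MD5/SHA1/SHA-256/SHA-512 digests. The sample headers it feeds itself are constructed in memory with the values the report prints, and the helper names (identify, describe, make_*_header) are this example's own. Worth keeping in mind when reading these records: every file here was written by firefox.exe rather than by file.exe and is marked Malicious: false; the previews show the OpenH264 GMP plugin descriptor and a Mozilla prefs.js, and the SQLite database and WAL files are what a browser profile writes during a run, so this block of the listing is browser housekeeping captured alongside the sample. The 0%-detection DLL is the only binary among them.

```python
"""Reproduce the per-file fields of a sandbox "dropped files" record offline.

Added example, not part of the Joe Sandbox report or its tooling. All sample
inputs below are constructed in memory; nothing is read from disk or the network.
"""
import hashlib
import math
import struct
from collections import Counter

MACHINE = {0x014C: "Intel 80386", 0x8664: "x86-64", 0xAA64: "Aarch64"}
SUBSYSTEM = {2: "GUI", 3: "console"}
SQLITE_ENCODING = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}
WAL_MAGIC = (b"\x37\x7f\x06\x82", b"\x37\x7f\x06\x83")   # big-endian 0x377f0682 / 0x377f0683
REPORT_HASHES = (("MD5", "md5"), ("SHA1", "sha1"), ("SHA-256", "sha256"), ("SHA-512", "sha512"))


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """Upper-case hex digests under the labels the report uses."""
    return {label: hashlib.new(algo, data).hexdigest().upper() for label, algo in REPORT_HASHES}


def identify(data: bytes) -> str:
    """file(1)-style type string for the header formats seen in this listing."""
    # PE: 'MZ' DOS header, e_lfanew at 0x3C points at 'PE\0\0' followed by the COFF header.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] == b"PE\0\0" and len(data) >= pe + 24 + 70:
            machine, = struct.unpack_from("<H", data, pe + 4)
            characteristics, = struct.unpack_from("<H", data, pe + 22)
            magic, = struct.unpack_from("<H", data, pe + 24)          # 0x10B PE32, 0x20B PE32+
            subsystem, = struct.unpack_from("<H", data, pe + 24 + 68)  # same offset for PE32/PE32+
            kind = "PE32+" if magic == 0x20B else "PE32"
            dll = "(DLL) " if characteristics & 0x2000 else ""        # IMAGE_FILE_DLL
            return (f"{kind} executable {dll}({SUBSYSTEM.get(subsystem, 'unknown')}) "
                    f"{MACHINE.get(machine, hex(machine))}, for MS Windows")
    # SQLite main database: 100-byte header, every multi-byte field big-endian.
    if data[:16] == b"SQLite format 3\x00" and len(data) >= 100:
        page_size = struct.unpack_from(">H", data, 16)[0]
        page_size = 65536 if page_size == 1 else page_size             # 1 encodes 64 KiB pages
        counter, pages = struct.unpack_from(">II", data, 24)
        cookie, schema = struct.unpack_from(">II", data, 40)
        encoding, user_version = struct.unpack_from(">II", data, 56)
        valid_for, version = struct.unpack_from(">II", data, 92)
        return (f"SQLite 3.x database, user version {user_version}, "
                f"last written using SQLite version {version}, page size {page_size}, "
                f"file counter {counter}, database pages {pages}, cookie {cookie:#x}, "
                f"schema {schema}, {SQLITE_ENCODING.get(encoding, 'unknown encoding')}, "
                f"version-valid-for {valid_for}")
    # SQLite write-ahead log: 32-byte header, magic then the WAL format version.
    if data[:4] in WAL_MAGIC and len(data) >= 8:
        version = struct.unpack_from(">I", data, 4)[0]
        return f"SQLite Write-Ahead Log, version {version}"
    if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        return "ASCII text"
    return "data"


def describe(data: bytes) -> dict:
    """The record fields a dropped-file entry carries, computed from the bytes alone."""
    rec = {"File Type": identify(data), "Size (bytes)": len(data),
           "Entropy (8bit)": shannon_entropy(data)}
    rec.update(digests(data))
    return rec


def make_pe_header(machine=0x8664, magic=0x20B, subsystem=2, dll=True) -> bytes:
    """Constructed minimal PE header (not a loadable image), enough for identify()."""
    pe = 0x40
    buf = bytearray(pe + 24 + 240)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe + 4, machine)
    struct.pack_into("<H", buf, pe + 22, 0x2000 if dll else 0x0002)
    struct.pack_into("<H", buf, pe + 24, magic)
    struct.pack_into("<H", buf, pe + 24 + 68, subsystem)
    return bytes(buf)


def make_sqlite_header(page_size=32768, counter=4, pages=3, cookie=2, schema=4,
                       user_version=12, valid_for=4, version=3042000) -> bytes:
    """Constructed SQLite header, padded to one page, with the values the report shows."""
    buf = bytearray(page_size)
    buf[:16] = b"SQLite format 3\x00"
    struct.pack_into(">H", buf, 16, 1 if page_size == 65536 else page_size)
    struct.pack_into(">II", buf, 24, counter, pages)
    struct.pack_into(">II", buf, 40, cookie, schema)
    struct.pack_into(">II", buf, 56, 1, user_version)   # 1 = UTF-8
    struct.pack_into(">II", buf, 92, valid_for, version)
    return bytes(buf)


def make_wal_header(version=3007000, page_size=32768) -> bytes:
    """Constructed 32-byte WAL header: magic, version, page size, checkpoint seq, salts, checksums."""
    return WAL_MAGIC[0] + struct.pack(">III", version, page_size, 0) + bytes(16)


if __name__ == "__main__":
    for name, blob in (("pe", make_pe_header()), ("sqlite", make_sqlite_header()),
                       ("wal", make_wal_header()), ("text", b"Name: gmpopenh264\n")):
        print(name, describe(blob))
```

Run against a real dropped file, `describe(open(path, "rb").read())` should reproduce the report's File Type, Size, Entropy and hash lines; a mismatch on the hashes means the file on disk is not the one the sandbox recorded.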
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13254
                                                                                                                                                                                                                                                Entropy (8bit):5.494048148094088
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:8naRtLYbBp6qhj4qyaaXE6K0pNnef5RfGNBw8dGSl:ReMqArD8cwd0
                                                                                                                                                                                                                                                MD5:8E50A8F176EA54C7B74AFA1BB0821809
                                                                                                                                                                                                                                                SHA1:F26A05C58764DF929D9C664E87600050835D594F
                                                                                                                                                                                                                                                SHA-256:3F889B5A265D32E55114C51732A3BEADE5D84BF1E08D284D1BF407381DB5F23E
                                                                                                                                                                                                                                                SHA-512:7E21A1CC80EAEDEC1AF469AA9ECFC8DC0EF02BD3DBC997BD1B3FE9AFE91C9EB065EFDFFC8BDC8E2051127C2634047F9211612D03CDC4B1D5DFA5727D995B4062
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1729782234);..user_pref("app.update.lastUpdateTime.background-update-timer", 1729782234);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1729782234);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172978
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
MD5:18F65713B07CB441E6A98655B726D098
SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5862 bytes
Category:dropped
Size (bytes):1600
Entropy (8bit):6.3594258784034166
Encrypted:false
SSDEEP:24:vkSUGlcAxSvnHLXnIgXXD/pnxQwRls6Zsp9rGH3j6xiMLctdL/5QH2oXpTurD/IE:cpOxaH/tnRTZY9aGxHLc5kpTgw6w4
MD5:3898BC9F6D6392CD3F0191EB30DE46D9
SHA1:0BE3B4BF77D22ACF06933E359D7F61ED4357D8D5
SHA-256:03B8CB383E979AB6CDCA98D2A88DCCB632F42AB0484AD038E1EA987AABA3CA83
SHA-512:B2D55BAFC00AC9706C070B7275B751FB01DC12B03702C04DDA1998D4E7A3C024D69BEC6E6EFE71C4C96FDB0AAC432B4CA834F92B39B0E29746A54308EE941EEE
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{c1e2191b-bf23-49a5-8844-5794c0a8a03b}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1729782241102,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1280,"height":1024,"screenX......Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zE..1...Wn..m........k..;....1":{..mUpdate...startTim..P04275...centCrash..B0},".....Dcook.. hod..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,a.Donly..fexpiry...12040,"originA...."
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4537
                                                                                                                                                                                                                                                Entropy (8bit):5.034136635065589
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YrSAYN6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycNyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                MD5:7E1829A65DF0E2BCC56415942EE0D776
                                                                                                                                                                                                                                                SHA1:D6F845665465313B30DC6ABCBFD378D9E8D8AA04
                                                                                                                                                                                                                                                SHA-256:F4C41851CBDC796389450EABE79A8EA7114C38BBC2CB1D05219B36F47630E0A2
                                                                                                                                                                                                                                                SHA-512:FB138EF3FC95528790673B13545EEC8F645BCC1978473E343CC410C2E2FFAF734386D4CA6B5683923D3F890AE479CB536D16321AB6163BF735B12D695121C108
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-24T15:03:42.743Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4537
                                                                                                                                                                                                                                                Entropy (8bit):5.034136635065589
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:YrSAYN6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycNyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                                                                                                                                                                                                                                MD5:7E1829A65DF0E2BCC56415942EE0D776
                                                                                                                                                                                                                                                SHA1:D6F845665465313B30DC6ABCBFD378D9E8D8AA04
                                                                                                                                                                                                                                                SHA-256:F4C41851CBDC796389450EABE79A8EA7114C38BBC2CB1D05219B36F47630E0A2
                                                                                                                                                                                                                                                SHA-512:FB138EF3FC95528790673B13545EEC8F645BCC1978473E343CC410C2E2FFAF734386D4CA6B5683923D3F890AE479CB536D16321AB6163BF735B12D695121C108
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-24T15:03:42.743Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):156
                                                                                                                                                                                                                                                Entropy (8bit):4.411137816108237
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                                                                MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                                                                SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                                                                SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                                                                SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):156
                                                                                                                                                                                                                                                Entropy (8bit):4.411137816108237
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YGNDhK6c2us1pNGHfYL2HEYwgL2HEmxhHtifYYMgEYyibudJ8KgfHVEW1:YGNTG/I2XV2fEzLEJ8Kgf1Ew
                                                                                                                                                                                                                                                MD5:AAC5F6FC2FA4A5691A244B46164834FD
                                                                                                                                                                                                                                                SHA1:F011E46647F4C402B798C285DE982A6BB9EC73BF
                                                                                                                                                                                                                                                SHA-256:BE115879DA967E2C1213870515E049801E5950D1179325B99891869A40263BB0
                                                                                                                                                                                                                                                SHA-512:963486CF702B7623C20123B669F538ADBC51B996E67AB52EDE4635FF05034CA28A3926A98656CB5E8E9BB2C1FBAD338744B312B4673585FD9810AA6E36D343EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""},"main-window":{"sizemode":"normal"}}}
                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):6.584682295247489
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:file.exe
                                                                                                                                                                                                                                                File size:919'552 bytes
                                                                                                                                                                                                                                                MD5:7204a55ed486cee5061c0518d9f594ac
                                                                                                                                                                                                                                                SHA1:58eaf918c76803f4405230aaad34582fa1a65a4d
                                                                                                                                                                                                                                                SHA256:f02f2b6cc008e93e49656ee981244e2bc4c6d352dfe1921974ed88fd70c8fe17
                                                                                                                                                                                                                                                SHA512:e3cfd356db65c93a30842cadb5e04c7fddef5c2202a851c40a38b85ec8d49f2051cfc1790dcf4931cadab607dab92375ce41febbd06e9d7e72161e8afaee7c06
                                                                                                                                                                                                                                                SSDEEP:12288:NqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/Tt:NqDEvCTbMWu7rQYlBQcBiT6rprG8abt
                                                                                                                                                                                                                                                TLSH:8C159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                Entrypoint:0x420577
                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x671A44CB [Thu Oct 24 12:59:55 2024 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                                                                                Import Hash:948cc502fe9226992dce9417f952fce3
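The header summary above condenses raw PE fields: `Time Stamp` is the COFF `TimeDateStamp` (seconds since the Unix epoch, written by the linker and trivially forged), `Entrypoint` is `Imagebase` plus the `AddressOfEntryPoint` RVA, `Subsystem` is a small integer, and the `Image File Characteristics` and `DLL Characteristics` lines are bit flags. The following is an added example, not Joe Sandbox code: a minimal parser that derives those fields from the first bytes of a PE32 file. It runs on a constructed header carrying the report's values; the section count, alignments and size fields are made up, and there is no section table or code, so the constructed bytes are not file.exe itself.

```python
"""Decode the PE header fields a sandbox report lists (time stamp, entry point,
characteristics, subsystem) straight from the first bytes of a Win32 executable."""
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (IMAGE_FILE_ prefix dropped), ascending order
FILE_CHARACTERISTICS = [
    (0x0001, "RELOCS_STRIPPED"), (0x0002, "EXECUTABLE_IMAGE"),
    (0x0004, "LINE_NUMS_STRIPPED"), (0x0008, "LOCAL_SYMS_STRIPPED"),
    (0x0020, "LARGE_ADDRESS_AWARE"), (0x0100, "32BIT_MACHINE"),
    (0x0200, "DEBUG_STRIPPED"), (0x1000, "SYSTEM"), (0x2000, "DLL"),
]
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (IMAGE_DLLCHARACTERISTICS_ prefix dropped)
DLL_CHARACTERISTICS = [
    (0x0020, "HIGH_ENTROPY_VA"), (0x0040, "DYNAMIC_BASE"), (0x0080, "FORCE_INTEGRITY"),
    (0x0100, "NX_COMPAT"), (0x0200, "NO_ISOLATION"), (0x0400, "NO_SEH"),
    (0x0800, "NO_BIND"), (0x1000, "APPCONTAINER"), (0x2000, "WDM_DRIVER"),
    (0x4000, "GUARD_CF"), (0x8000, "TERMINAL_SERVER_AWARE"),
]
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
COFF_FMT = "<HHIIIHH"        # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, OptSize, Characteristics
OPT32_FMT = "<HBB9I6H4IHH"   # PE32 optional header up to and including DllCharacteristics (72 bytes)
MITIGATIONS = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")   # loader-honoured opt-ins for a 32-bit image


def _flags(value: int, table: list) -> list:
    return [name for bit, name in table if value & bit]


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew=0x%x" % e_lfanew)
    machine, nsections, stamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    if opt_size < struct.calcsize(OPT32_FMT):
        raise ValueError("optional header too short (%d bytes)" % opt_size)
    f = struct.unpack_from(OPT32_FMT, data, e_lfanew + 24)
    if f[0] != 0x10B:
        raise ValueError("not PE32 (optional header magic 0x%x)" % f[0])
    entry_rva, image_base = f[6], f[9]
    return {
        "machine": hex(machine),
        "sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch as the linker wrote it; easily forged
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "image_base": image_base,
        "entrypoint": image_base + entry_rva,     # the report prints the VA; the header stores the RVA
        "os_version": "%d.%d" % (f[12], f[13]),
        "subsystem": SUBSYSTEMS.get(f[22], str(f[22])),
        "dll_characteristics": _flags(f[23], DLL_CHARACTERISTICS),
    }


def missing_mitigations(info: dict) -> list:
    """DllCharacteristics opt-ins the loader honours that this image does not set."""
    return [m for m in MITIGATIONS if m not in info["dll_characteristics"]]


def build_sample_pe() -> bytes:
    """Constructed header carrying the values the report lists for file.exe; section
    table, code and all size fields are omitted or made up, so this is not the sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: PE header right after the DOS header
    coff = struct.pack(COFF_FMT, 0x14C, 5, 0x671A44CB, 0, 0, 224, 0x0122)   # section count made up
    opt = struct.pack(OPT32_FMT, 0x10B, 0, 0, 0, 0, 0,   # magic, linker version, size fields (made up)
                      0x20577, 0x1000, 0, 0x400000,      # entry RVA, BaseOfCode, BaseOfData, ImageBase
                      0x1000, 0x200, 5, 1, 5, 1, 5, 1,   # alignments, OS/image/subsystem versions
                      0, 0, 0, 0, 2, 0x8040)             # Win32Version..CheckSum, GUI subsystem, DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    info = parse_pe_header(build_sample_pe())
    for key, value in info.items():
        print("%-20s %s" % (key, value))
    print("missing mitigations:", missing_mitigations(info))
```

On the report's values the parser reproduces the entry point `0x420577`, the `Thu Oct 24 12:59:55 2024 UTC` build time and both flag lists, and `missing_mitigations` makes the `DLL Characteristics` line concrete: with only `DYNAMIC_BASE` and `TERMINAL_SERVER_AWARE` set, the image does not opt in to `NX_COMPAT` or `GUARD_CF`.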
Instruction
call 00007F022CB0D6D3h
jmp 00007F022CB0CFDFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F022CB0D1BDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F022CB0D18Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F022CB0FD7Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F022CB0FDC8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F022CB0FDB1h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | e5299250ca3cc1c00c0a2cb537524a9e | False | 0.31566455696202533 | data | 5.3741264921045495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data | | | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL           Imports
WSOCK32.dll   gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll   GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll     timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll  ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll       WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll   HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL     GetProcessMemoryInfo
IPHLPAPI.DLL  IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll   DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll   IsThemeActive
KERNEL32.dll  DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll    GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll     EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll  GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll  GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll   DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll     CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll  CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
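The import table above is what an analyst reads first to see what the binary is able to do: BlockInput, keybd_event/SendInput, the clipboard APIs, CreateProcessWithLogonW/LogonUserW, AdjustTokenPrivileges, WriteProcessMemory, and listen/accept are the imports behind most of the capability signatures at the top of this report. The script below is an added example (my own code, not part of the report or of the sample) that parses "DLL: api, api" lines into a dictionary and groups the APIs into capability buckets; it also accepts the extraction-fused form "WSOCK32.dllgethostbyname, ..." that raw report text often arrives in. The bucket names and the API-to-bucket mapping are my assumptions, and the embedded excerpt is constructed from four of the DLLs in the table. One caveat worth keeping in mind: for a compiled-script stub such as an AutoIt executable, the import table describes the runtime's capabilities, so a hit here says what the binary can do, not what the embedded script actually does; the behavioural signatures are the evidence for the latter.

```python
import re
from collections import defaultdict

# Constructed excerpt of the report's import table (four DLLs, not the full list).
IMPORT_TABLE = """\
WSOCK32.dll: gethostbyname, recv, send, socket, select, accept, listen, bind, connect, closesocket
KERNEL32.dll: OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, IsDebuggerPresent, QueryPerformanceCounter, CreateProcessW, DeviceIoControl
USER32.dll: BlockInput, keybd_event, mouse_event, SendInput, GetAsyncKeyState, GetKeyboardState, OpenClipboard, GetClipboardData, SetClipboardData, ExitWindowsEx
ADVAPI32.dll: AdjustTokenPrivileges, LookupPrivilegeValueW, CreateProcessAsUserW, CreateProcessWithLogonW, LogonUserW, InitiateSystemShutdownExW
"""

# Capability buckets: my own mapping from API names to the kind of behaviour a
# sandbox flags. The bucket names are assumptions, not Joe Sandbox signature names.
CAPABILITIES = {
    "block user input": {"BlockInput"},
    "synthesize keyboard/mouse events": {"keybd_event", "mouse_event", "SendInput"},
    "read keystroke state": {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState"},
    "read/write clipboard": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "run code as another user": {"CreateProcessAsUserW", "CreateProcessWithLogonW", "LogonUserW"},
    "adjust token privileges": {"AdjustTokenPrivileges", "LookupPrivilegeValueW"},
    "write into other processes": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
    "listen for inbound connections": {"bind", "listen", "accept"},
    "debugger / timing checks": {"IsDebuggerPresent", "QueryPerformanceCounter"},
    "shutdown or reboot host": {"ExitWindowsEx", "InitiateSystemShutdownExW", "SetSystemPowerState"},
}

# "NAME.dll" followed by an optional colon; backtracking also splits the fused
# "NAME.dllFirstApi, ..." form because ".dll" occurs only once per line.
LINE_RE = re.compile(r"^\s*([\w.-]+\.dll)\s*:?\s*(.*)$", re.IGNORECASE)


def parse_import_table(text):
    """Return {dll: [api, ...]} from 'DLL: api, api' lines (colon optional)."""
    imports = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group(2).strip():
            continue
        dll, apis = m.group(1), m.group(2)
        imports[dll] = [a.strip() for a in apis.split(",") if a.strip()]
    return imports


def capability_hits(imports, rules=CAPABILITIES):
    """Map each capability bucket to the (dll, api) pairs that support it."""
    api_to_dll = {api: dll for dll, apis in imports.items() for api in apis}
    hits = defaultdict(list)
    for cap, apis in rules.items():
        for api in sorted(apis):
            if api in api_to_dll:
                hits[cap].append((api_to_dll[api], api))
    return dict(hits)


def summarize(text):
    """Bucket name -> sorted list of imported APIs that land in that bucket."""
    hits = capability_hits(parse_import_table(text))
    return {cap: [api for _, api in pairs] for cap, pairs in hits.items()}


if __name__ == "__main__":
    for cap, apis in summarize(IMPORT_TABLE).items():
        print(f"{cap:35s} {', '.join(apis)}")
```

Run against the full table rather than the excerpt, every bucket above fires, which is exactly why the "contains functionality to ..." signatures on this report are so numerous; the discriminating evidence is in the runtime behaviour (the process tree, the dropped files and the network flows), not in this list.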
Language of compilation system  Country where language is spoken  Map
English                         Great Britain
Timestamp                             Source Port  Dest Port  Source IP         Dest IP
Oct 24, 2024 15:09:10.153286934 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:10.153326988 CEST  443          60885      35.190.72.216     192.168.2.4
Oct 24, 2024 15:09:10.154181957 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:10.159128904 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:10.159143925 CEST  443          60885      35.190.72.216     192.168.2.4
Oct 24, 2024 15:09:10.777657986 CEST  443          60885      35.190.72.216     192.168.2.4
Oct 24, 2024 15:09:10.777971983 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:10.802752972 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:10.802782059 CEST  443          60885      35.190.72.216     192.168.2.4
Oct 24, 2024 15:09:10.803075075 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:10.803425074 CEST  443          60885      35.190.72.216     192.168.2.4
Oct 24, 2024 15:09:10.804727077 CEST  60885        443        192.168.2.4       35.190.72.216
Oct 24, 2024 15:09:12.476141930 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:12.476190090 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:12.478610039 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:12.478610039 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:12.478656054 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:12.628551960 CEST  60888        80         192.168.2.4       34.107.221.82
Oct 24, 2024 15:09:12.638349056 CEST  60889        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:12.638402939 CEST  443          60889      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:12.638823986 CEST  60889        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:12.640294075 CEST  60889        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:12.640317917 CEST  443          60889      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.107995987 CEST  80           60888      34.107.221.82     192.168.2.4
Oct 24, 2024 15:09:13.108094931 CEST  60888        80         192.168.2.4       34.107.221.82
Oct 24, 2024 15:09:13.108356953 CEST  60888        80         192.168.2.4       34.107.221.82
Oct 24, 2024 15:09:13.113687038 CEST  80           60888      34.107.221.82     192.168.2.4
Oct 24, 2024 15:09:13.137411118 CEST  52335        443        192.168.2.4       35.244.181.201
Oct 24, 2024 15:09:13.137454033 CEST  443          52335      35.244.181.201    192.168.2.4
Oct 24, 2024 15:09:13.142265081 CEST  52335        443        192.168.2.4       35.244.181.201
Oct 24, 2024 15:09:13.142437935 CEST  52335        443        192.168.2.4       35.244.181.201
Oct 24, 2024 15:09:13.142451048 CEST  443          52335      35.244.181.201    192.168.2.4
Oct 24, 2024 15:09:13.159020901 CEST  52336        443        192.168.2.4       34.117.188.166
Oct 24, 2024 15:09:13.159046888 CEST  443          52336      34.117.188.166    192.168.2.4
Oct 24, 2024 15:09:13.159207106 CEST  52336        443        192.168.2.4       34.117.188.166
Oct 24, 2024 15:09:13.160623074 CEST  52336        443        192.168.2.4       34.117.188.166
Oct 24, 2024 15:09:13.160635948 CEST  443          52336      34.117.188.166    192.168.2.4
Oct 24, 2024 15:09:13.333684921 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.334413052 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.334948063 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:13.334956884 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.385358095 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:13.612865925 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:13.612880945 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.612994909 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:13.613131046 CEST  443          60887      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.613452911 CEST  60887        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:13.705410957 CEST  80           60888      34.107.221.82     192.168.2.4
Oct 24, 2024 15:09:13.753340006 CEST  60888        80         192.168.2.4       34.107.221.82
Oct 24, 2024 15:09:13.755279064 CEST  443          52335      35.244.181.201    192.168.2.4
Oct 24, 2024 15:09:13.763099909 CEST  52335        443        192.168.2.4       35.244.181.201
Oct 24, 2024 15:09:13.774704933 CEST  443          52336      34.117.188.166    192.168.2.4
Oct 24, 2024 15:09:13.774806976 CEST  52336        443        192.168.2.4       34.117.188.166
Oct 24, 2024 15:09:13.950700998 CEST  443          60889      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.951451063 CEST  443          60889      142.250.186.110   192.168.2.4
Oct 24, 2024 15:09:13.954471111 CEST  60889        443        192.168.2.4       142.250.186.110
Oct 24, 2024 15:09:13.954498053 CEST  443          60889      142.250.186.110   192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.006314039 CEST60889443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.485549927 CEST52335443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.485580921 CEST4435233535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.485939026 CEST4435233535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.486376047 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.486413002 CEST4435233834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.488703966 CEST52336443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.488730907 CEST4435233634.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.488830090 CEST52336443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.488943100 CEST4435233634.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.489208937 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.489276886 CEST4435233934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.492238998 CEST60889443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.492269039 CEST44360889142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.492343903 CEST60889443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.492445946 CEST44360889142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.492871046 CEST52340443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.492911100 CEST44352340142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.496874094 CEST52335443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.496949911 CEST52335443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.497100115 CEST4435233535.244.181.201192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.497284889 CEST52335443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.497319937 CEST52336443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.497339010 CEST60889443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.497354984 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.497361898 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.498833895 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.498855114 CEST4435233834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.500235081 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.500282049 CEST4435233934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.500849962 CEST6088880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.506634951 CEST806088834.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.512825012 CEST52335443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.512938023 CEST6088880192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.513062000 CEST52340443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.514396906 CEST52340443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.514411926 CEST44352340142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.693828106 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.693933964 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.699203968 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.699280977 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.701915979 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.701999903 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.702099085 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.702536106 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.707732916 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.707746983 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.735866070 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.735898018 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.736573935 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.736573935 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.736602068 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.108146906 CEST4435233934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.108166933 CEST4435233934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.108630896 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.113893986 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.113908052 CEST4435233934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.114005089 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.114078045 CEST4435233934.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.114198923 CEST52339443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.120472908 CEST4435233834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.120491028 CEST4435233834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.124083996 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.128170013 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.128211975 CEST4435233834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.128257036 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.128407001 CEST4435233834.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.128654003 CEST52338443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.229722023 CEST52345443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.229784966 CEST4435234534.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.230580091 CEST52345443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.232141972 CEST52345443192.168.2.434.117.188.166
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.232161045 CEST4435234534.117.188.166192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.308559895 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.309947968 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.348920107 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.349040031 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.353868961 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.353884935 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.354186058 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.357230902 CEST44352340142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.357245922 CEST44352340142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.357558012 CEST52340443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.357953072 CEST44352340142.250.186.110192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.358293056 CEST52340443192.168.2.4142.250.186.110
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.363208055 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.363432884 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.363512993 CEST52343443192.168.2.434.160.144.191
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.363523006 CEST4435234334.160.144.191192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.363636971 CEST52343443192.168.2.434.160.144.191
Oct 24, 2024 15:09:15.366183996 CEST  52340  443  192.168.2.4  142.250.186.110
Oct 24, 2024 15:09:15.366192102 CEST  443  52340  142.250.186.110  192.168.2.4
Oct 24, 2024 15:09:15.366302013 CEST  52340  443  192.168.2.4  142.250.186.110
Oct 24, 2024 15:09:15.366400003 CEST  443  52340  142.250.186.110  192.168.2.4
Oct 24, 2024 15:09:15.366545916 CEST  52340  443  192.168.2.4  142.250.186.110
Oct 24, 2024 15:09:15.368575096 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:15.368726015 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:15.468096018 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:15.473675013 CEST  80  52341  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:15.596549988 CEST  80  52341  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:15.647351027 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:15.735368967 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:15.740839958 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:15.852159977 CEST  443  52345  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:15.856029987 CEST  52345  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:15.860100031 CEST  52345  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:15.860110998 CEST  443  52345  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:15.860280991 CEST  443  52345  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:15.860635996 CEST  52345  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:15.860635996 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:15.860660076 CEST  443  52345  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:15.860677004 CEST  443  52347  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:15.862607956 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:15.869189024 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:15.870887041 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:15.870904922 CEST  443  52347  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:15.916990995 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:16.067338943 CEST  443  52345  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:16.068603992 CEST  52345  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:16.087970972 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:16.093525887 CEST  80  52341  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:16.215101957 CEST  80  52341  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:16.263161898 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:16.487869024 CEST  443  52347  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:16.487890005 CEST  443  52347  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:16.495152950 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:16.509046078 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:16.509046078 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:16.509061098 CEST  443  52347  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:16.509371996 CEST  443  52347  34.117.188.166  192.168.2.4
Oct 24, 2024 15:09:16.509578943 CEST  52347  443  192.168.2.4  34.117.188.166
Oct 24, 2024 15:09:19.406451941 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:19.406505108 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:19.406871080 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:19.407036066 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:19.407053947 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:19.500684023 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:19.500714064 CEST  443  52349  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:19.507623911 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:19.507637024 CEST  443  52350  34.107.243.93  192.168.2.4
Oct 24, 2024 15:09:19.509778976 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:19.509913921 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:19.511301041 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:19.511327982 CEST  443  52349  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:19.512754917 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:19.512772083 CEST  443  52350  34.107.243.93  192.168.2.4
Oct 24, 2024 15:09:19.523658037 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:19.530365944 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:19.547466993 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:19.547518015 CEST  443  52351  34.149.100.209  192.168.2.4
Oct 24, 2024 15:09:19.555059910 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:19.556660891 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:19.556688070 CEST  443  52351  34.149.100.209  192.168.2.4
Oct 24, 2024 15:09:19.822163105 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:19.881464005 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:19.881680965 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:19.881680965 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:20.035208941 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:20.039343119 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:20.039975882 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:20.137259960 CEST  443  52350  34.107.243.93  192.168.2.4
Oct 24, 2024 15:09:20.137361050 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:20.159867048 CEST  443  52349  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:20.159883022 CEST  443  52349  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:20.159969091 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:20.197479963 CEST  443  52351  34.149.100.209  192.168.2.4
Oct 24, 2024 15:09:20.197496891 CEST  443  52351  34.149.100.209  192.168.2.4
Oct 24, 2024 15:09:20.197560072 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:20.359055042 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:20.359083891 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:20.359474897 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:20.374612093 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:20.374651909 CEST  443  52349  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:20.374715090 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:20.374829054 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:20.374839067 CEST  443  52350  34.107.243.93  192.168.2.4
Oct 24, 2024 15:09:20.374937057 CEST  443  52349  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:20.375025988 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:20.375055075 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:20.375055075 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:20.375111103 CEST  443  52350  34.107.243.93  192.168.2.4
Oct 24, 2024 15:09:20.375271082 CEST  443  52348  35.244.181.201  192.168.2.4
Oct 24, 2024 15:09:20.376900911 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:20.376929998 CEST  443  52351  34.149.100.209  192.168.2.4
Oct 24, 2024 15:09:20.376966953 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:20.377111912 CEST  443  52351  34.149.100.209  192.168.2.4
Oct 24, 2024 15:09:20.379457951 CEST  52349  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:20.379483938 CEST  52351  443  192.168.2.4  34.149.100.209
Oct 24, 2024 15:09:20.379487038 CEST  52350  443  192.168.2.4  34.107.243.93
Oct 24, 2024 15:09:20.379623890 CEST  52348  443  192.168.2.4  35.244.181.201
Oct 24, 2024 15:09:24.707501888 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:24.713095903 CEST  80  52341  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:24.838274956 CEST  80  52341  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:24.885750055 CEST  52341  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:26.129920959 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:26.135541916 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:26.165694952 CEST  52358  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:26.165734053 CEST  443  52358  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:26.166220903 CEST  52358  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:26.167740107 CEST  52358  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:26.167754889 CEST  443  52358  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:26.258101940 CEST  80  52342  34.107.221.82  192.168.2.4
Oct 24, 2024 15:09:26.305699110 CEST  52342  80  192.168.2.4  34.107.221.82
Oct 24, 2024 15:09:26.323153973 CEST  52359  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:26.323206902 CEST  443  52359  34.120.208.123  192.168.2.4
Oct 24, 2024 15:09:26.325483084 CEST  52359  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:26.325669050 CEST  52359  443  192.168.2.4  34.120.208.123
Oct 24, 2024 15:09:26.325687885 CEST  443  52359  34.120.208.123  192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.642752886 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.642805099 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.642999887 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.643030882 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.643038034 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.659394026 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.664856911 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.779916048 CEST4435235834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.780014992 CEST52358443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.787878990 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.807054043 CEST52358443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.807074070 CEST4435235834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.807255030 CEST4435235834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.807322979 CEST52358443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.807332039 CEST4435235834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.829437017 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.935395956 CEST4435235934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.935496092 CEST52359443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.004259109 CEST52359443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.004342079 CEST4435235934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.005326033 CEST4435235934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.007009029 CEST52359443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.007110119 CEST52359443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.007462978 CEST4435235934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.007945061 CEST52359443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.007988930 CEST52359443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.011369944 CEST4435235834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.011441946 CEST52358443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.267476082 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.267618895 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.475819111 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.475847960 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.476308107 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.478591919 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.478838921 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.478869915 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.478884935 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.687333107 CEST4435236034.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.691348076 CEST52360443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.999778032 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.005228043 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.127238035 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.131191969 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.131231070 CEST4435236134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.132477045 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.134280920 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.134294033 CEST4435236134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.179991007 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.282274961 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.287687063 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408986092 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.449584007 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.751450062 CEST4435236134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.751533985 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.558748007 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.558793068 CEST4435236134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.559251070 CEST4435236134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.559372902 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.562103987 CEST52361443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.562134027 CEST4435236134.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.934782982 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.940256119 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.061924934 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.117918015 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.313569069 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.319067001 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.440723896 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.487023115 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.179614067 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.179646015 CEST4435236234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.180146933 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.181634903 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.181643963 CEST4435236234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.802059889 CEST4435236234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.802145958 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.807245970 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.807265043 CEST4435236234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.807333946 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.807468891 CEST4435236234.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.807645082 CEST52362443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.811088085 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.816452026 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.938244104 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.941668987 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.947071075 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.991512060 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:32.068658113 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:32.123070955 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.221374035 CEST52363443192.168.2.435.244.181.201
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.221474886 CEST4435236335.244.181.201192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 24, 2024 15:09:38.223683119 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.223853111 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.223887920 CEST | 443 | 52363 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.246515989 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.246550083 CEST | 443 | 52364 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.246747971 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.246834993 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.246843100 CEST | 443 | 52364 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.251925945 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.251954079 CEST | 443 | 52365 | 151.101.1.91 | 192.168.2.4
Oct 24, 2024 15:09:38.252072096 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.252201080 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.252214909 CEST | 443 | 52365 | 151.101.1.91 | 192.168.2.4
Oct 24, 2024 15:09:38.267303944 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.267337084 CEST | 443 | 52366 | 35.190.72.216 | 192.168.2.4
Oct 24, 2024 15:09:38.272753954 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.274342060 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.274353981 CEST | 443 | 52366 | 35.190.72.216 | 192.168.2.4
Oct 24, 2024 15:09:38.284271955 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.284307957 CEST | 443 | 52367 | 35.201.103.21 | 192.168.2.4
Oct 24, 2024 15:09:38.285449982 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.287023067 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.287034988 CEST | 443 | 52367 | 35.201.103.21 | 192.168.2.4
Oct 24, 2024 15:09:38.847996950 CEST | 443 | 52363 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.848136902 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.851856947 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.851886034 CEST | 443 | 52363 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.852197886 CEST | 443 | 52363 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.852909088 CEST | 443 | 52364 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.852992058 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.856182098 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.856193066 CEST | 443 | 52364 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.857013941 CEST | 443 | 52364 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.858154058 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.858294964 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.858372927 CEST | 443 | 52363 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.858871937 CEST | 52363 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.860208988 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.860208988 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.860359907 CEST | 443 | 52364 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.863866091 CEST | 52342 | 80 | 192.168.2.4 | 34.107.221.82
Oct 24, 2024 15:09:38.864161015 CEST | 52364 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.869286060 CEST | 80 | 52342 | 34.107.221.82 | 192.168.2.4
Oct 24, 2024 15:09:38.872616053 CEST | 443 | 52365 | 151.101.1.91 | 192.168.2.4
Oct 24, 2024 15:09:38.872721910 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.876105070 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.876116037 CEST | 443 | 52365 | 151.101.1.91 | 192.168.2.4
Oct 24, 2024 15:09:38.876466990 CEST | 443 | 52365 | 151.101.1.91 | 192.168.2.4
Oct 24, 2024 15:09:38.878782034 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.878880024 CEST | 52365 | 443 | 192.168.2.4 | 151.101.1.91
Oct 24, 2024 15:09:38.891397953 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.891443968 CEST | 443 | 52368 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.892349005 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.892476082 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.892491102 CEST | 443 | 52368 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.894025087 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.894047022 CEST | 443 | 52369 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.895152092 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.895272970 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.895282984 CEST | 443 | 52369 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.895900011 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.895930052 CEST | 443 | 52370 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.897140980 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.897241116 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:38.897255898 CEST | 443 | 52370 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:38.906419039 CEST | 443 | 52366 | 35.190.72.216 | 192.168.2.4
Oct 24, 2024 15:09:38.911062956 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.915946007 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.915956020 CEST | 443 | 52366 | 35.190.72.216 | 192.168.2.4
Oct 24, 2024 15:09:38.916048050 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.916150093 CEST | 443 | 52366 | 35.190.72.216 | 192.168.2.4
Oct 24, 2024 15:09:38.916501999 CEST | 52366 | 443 | 192.168.2.4 | 35.190.72.216
Oct 24, 2024 15:09:38.924916029 CEST | 443 | 52367 | 35.201.103.21 | 192.168.2.4
Oct 24, 2024 15:09:38.925118923 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.930037975 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.930058002 CEST | 443 | 52367 | 35.201.103.21 | 192.168.2.4
Oct 24, 2024 15:09:38.930133104 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.930356979 CEST | 443 | 52367 | 35.201.103.21 | 192.168.2.4
Oct 24, 2024 15:09:38.931061029 CEST | 52367 | 443 | 192.168.2.4 | 35.201.103.21
Oct 24, 2024 15:09:38.942869902 CEST | 52371 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.942900896 CEST | 443 | 52371 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.943001032 CEST | 52371 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.943085909 CEST | 52371 | 443 | 192.168.2.4 | 34.149.100.209
Oct 24, 2024 15:09:38.943097115 CEST | 443 | 52371 | 34.149.100.209 | 192.168.2.4
Oct 24, 2024 15:09:38.990814924 CEST | 80 | 52342 | 34.107.221.82 | 192.168.2.4
Oct 24, 2024 15:09:38.993985891 CEST | 52341 | 80 | 192.168.2.4 | 34.107.221.82
Oct 24, 2024 15:09:38.999319077 CEST | 80 | 52341 | 34.107.221.82 | 192.168.2.4
Oct 24, 2024 15:09:39.044434071 CEST | 52342 | 80 | 192.168.2.4 | 34.107.221.82
Oct 24, 2024 15:09:39.120716095 CEST | 80 | 52341 | 34.107.221.82 | 192.168.2.4
Oct 24, 2024 15:09:39.166778088 CEST | 52341 | 80 | 192.168.2.4 | 34.107.221.82
Oct 24, 2024 15:09:39.514233112 CEST | 443 | 52368 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.514322042 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.517488956 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.517503023 CEST | 443 | 52368 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.517502069 CEST | 443 | 52370 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.517767906 CEST | 443 | 52368 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.518023014 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.520302057 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.520307064 CEST | 443 | 52370 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.520978928 CEST | 443 | 52370 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.522814035 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.522923946 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.523024082 CEST | 443 | 52368 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.523936033 CEST | 443 | 52369 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.523983002 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.524060011 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.524230003 CEST | 52368 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.524266958 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.524490118 CEST | 443 | 52370 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.527523041 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.527534008 CEST | 443 | 52369 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.528049946 CEST | 443 | 52369 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.528717995 CEST | 52370 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.530617952 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.530617952 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.530822039 CEST | 443 | 52369 | 35.244.181.201 | 192.168.2.4
Oct 24, 2024 15:09:39.531443119 CEST | 52369 | 443 | 192.168.2.4 | 35.244.181.201
Oct 24, 2024 15:09:39.533725977 CEST | 52342 | 80 | 192.168.2.4 | 34.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.539079905 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.553669930 CEST4435237134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.553761005 CEST52371443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.557111979 CEST52371443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.557132959 CEST4435237134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.558010101 CEST4435237134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.560283899 CEST52371443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.560378075 CEST52371443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.560750961 CEST4435237134.149.100.209192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.561372995 CEST52371443192.168.2.434.149.100.209
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.661006927 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.664635897 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.670058012 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.715084076 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.792711973 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.846632004 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.950210094 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.950256109 CEST4435237334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.951064110 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.952610970 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.952625990 CEST4435237334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.573070049 CEST4435237334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.573218107 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.578172922 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.578181982 CEST4435237334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.578306913 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.578443050 CEST4435237334.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.578564882 CEST52373443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.582696915 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.588062048 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.710369110 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.714370012 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.719702005 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.758070946 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.841043949 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:43.896060944 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:53.711184025 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:53.716522932 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:53.849107027 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:53.854538918 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.136648893 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.141978979 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.788386106 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.788816929 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.788885117 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.790143013 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.790520906 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.792438984 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.040323973 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.162349939 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.207622051 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.637737989 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.637798071 CEST4436049634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.638025999 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.639416933 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.639452934 CEST4436049634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.239535093 CEST4436049634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.239919901 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.244414091 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.244457960 CEST4436049634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.244525909 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.244666100 CEST4436049634.107.243.93192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.247343063 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.248287916 CEST60496443192.168.2.434.107.243.93
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.252846003 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.374994040 CEST805234234.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.378837109 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.384097099 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.426753998 CEST5234280192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.505691051 CEST805234134.107.221.82192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.558307886 CEST5234180192.168.2.434.107.221.82
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.352438927 CEST60517443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.352493048 CEST4436051734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.352782011 CEST60518443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.352819920 CEST4436051834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.353507042 CEST60517443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.353513002 CEST60518443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.353718042 CEST60517443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.353729963 CEST4436051734.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.354121923 CEST60518443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.354135990 CEST4436051834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.374577999 CEST60519443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.374603987 CEST4436051934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.376821041 CEST60519443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.377017975 CEST60519443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.377029896 CEST4436051934.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.960431099 CEST4436051834.120.208.123192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.960562944 CEST60518443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.963643074 CEST60518443192.168.2.434.120.208.123
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.963654041 CEST4436051834.120.208.123192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.103682041 CEST53522681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.121439934 CEST6522753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.128897905 CEST53652271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.141654015 CEST5110253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.149023056 CEST53511021.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.397521973 CEST6269053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.397770882 CEST4984353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.406205893 CEST53626901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.407411098 CEST53498431.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.409250021 CEST5798953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.418073893 CEST53579891.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.418804884 CEST5370953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.429089069 CEST53537091.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.500880957 CEST5921353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.512564898 CEST53592131.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.519229889 CEST6074353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.528337002 CEST53607431.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.535002947 CEST6112553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.545175076 CEST53611251.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.549674988 CEST5256153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.557969093 CEST53525611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.562788963 CEST5165353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.570693970 CEST53516531.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.145869017 CEST6105553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.153955936 CEST53610551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.281375885 CEST5603953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.282274008 CEST4920953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.282758951 CEST6419453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST53560391.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289973974 CEST53492091.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.290097952 CEST53641941.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.308391094 CEST5927553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.308391094 CEST5371153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.308610916 CEST5640353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316149950 CEST53564031.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316348076 CEST53592751.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST53537111.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.317255020 CEST5371453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.317255020 CEST6252653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.324477911 CEST53537141.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.325488091 CEST53625261.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.391731977 CEST5866153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.391731977 CEST5144253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.392081976 CEST5711053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399159908 CEST53514421.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399187088 CEST53571101.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399200916 CEST53586611.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.400471926 CEST4985553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.400521040 CEST5723053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.407772064 CEST53572301.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408389091 CEST6152753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408921957 CEST53498551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.409672022 CEST6228653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.415802956 CEST53615271.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.417593956 CEST53622861.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.180058002 CEST6015053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.187640905 CEST53601501.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.222457886 CEST6050253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.233019114 CEST53605021.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.241784096 CEST4919553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.250850916 CEST53491951.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.252585888 CEST5176253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.260550022 CEST53517621.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.261147022 CEST5740053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.270184994 CEST53574001.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.272533894 CEST5282853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.279875040 CEST53528281.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.284432888 CEST6008053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.293262959 CEST53600801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.296376944 CEST5386853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.304750919 CEST53538681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.949465036 CEST5870153192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.956985950 CEST53587011.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.965637922 CEST6132453192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.973803043 CEST53613241.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:48.622987032 CEST5351551162.159.36.2192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:49.312371016 CEST53588941.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.136504889 CEST5475053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.622176886 CEST6334953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.636123896 CEST53633491.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.636934042 CEST6130653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.644681931 CEST53613061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.377454042 CEST5850553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.385484934 CEST53585051.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.361490011 CEST5429953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.372858047 CEST53542991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.385782957 CEST5851653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.397443056 CEST53585161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.985599041 CEST5346653192.168.2.41.1.1.1
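The UDP packet list above is only useful once queries are paired with their responses: the client reuses no source port, so the client-side ephemeral port is the join key, and whatever is left over after pairing (a query with no reply, or a reply whose query is not in the list, such as the one from 162.159.36.2) is what an analyst should look at. The script below is an added example written for this page, not Joe Sandbox code; it reads rows in a pipe-separated form of the table's five columns (Timestamp, Source Port, Dest Port, Source IP, Dest IP), and the sample rows are transcribed from the table above. The client address 192.168.2.4 and resolver port 53 are parameters; the time zone token is discarded because every stamp in the table is in the same zone.

```python
"""Pair DNS queries with responses in a sandbox UDP packet list.

Input line format (my own separator, values from the report above):
    <timestamp> | <src port> | <dst port> | <src ip> | <dst ip>
"""
from datetime import datetime
from typing import Dict, List, Tuple

# Transcribed from the UDP table in the report: two answered queries,
# one unanswered query (49857), and three replies whose queries are not
# in this excerpt, including the one from 162.159.36.2.
SAMPLE_ROWS = """\
Oct 24, 2024 15:09:14.498797894 CEST | 61720 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 15:09:14.502881050 CEST | 53 | 55764 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 15:09:14.506509066 CEST | 53 | 61720 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 15:09:14.513839960 CEST | 56307 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 15:09:14.521363020 CEST | 53 | 56307 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 15:09:15.736077070 CEST | 49857 | 53 | 192.168.2.4 | 1.1.1.1
Oct 24, 2024 15:09:15.805768013 CEST | 53 | 64111 | 1.1.1.1 | 192.168.2.4
Oct 24, 2024 15:09:48.622987032 CEST | 53 | 51551 | 162.159.36.2 | 192.168.2.4
"""

Row = Tuple[datetime, int, int, str, str]


def parse_ts(text: str) -> datetime:
    """'Oct 24, 2024 15:09:14.498797894 CEST' -> datetime.

    The report prints nanoseconds; datetime only carries microseconds, so
    the last three digits are dropped. The zone token is discarded (all
    stamps in one report share it).
    """
    stamp, _zone = text.rsplit(" ", 1)
    head, frac = stamp.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text: str) -> List[Row]:
    """Split pipe-separated rows into (time, sport, dport, sip, dip)."""
    rows: List[Row] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, sip, dip = (f.strip() for f in line.split("|"))
        rows.append((parse_ts(ts), int(sport), int(dport), sip, dip))
    return rows


def pair_dns(rows: List[Row], client_ip: str, dns_port: int = 53):
    """Match each client query to its reply by the client's ephemeral port.

    Returns (pairs, unanswered, unsolicited):
      pairs       - [(client_port, resolver_ip, rtt_ms)] in reply order
      unanswered  - client ports that sent a query and never got a reply
      unsolicited - [(client_port, resolver_ip)] replies with no prior query
    Rows must be in capture order; a reply is only matched to a query that
    preceded it.
    """
    pending: Dict[int, datetime] = {}
    pairs: List[Tuple[int, str, float]] = []
    unsolicited: List[Tuple[int, str]] = []
    for ts, sport, dport, sip, dip in rows:
        if sip == client_ip and dport == dns_port:
            pending[sport] = ts  # outbound query keyed by ephemeral port
        elif dip == client_ip and sport == dns_port:
            sent = pending.pop(dport, None)
            if sent is None:
                unsolicited.append((dport, sip))
            else:
                pairs.append((dport, sip, (ts - sent).total_seconds() * 1000))
    return pairs, sorted(pending), unsolicited


def analyze_sample():
    """Run the pairing over the transcribed rows."""
    return pair_dns(parse_rows(SAMPLE_ROWS), "192.168.2.4")


if __name__ == "__main__":
    pairs, unanswered, unsolicited = analyze_sample()
    for port, resolver, rtt in pairs:
        print(f"port {port}: answered by {resolver} in {rtt:.3f} ms")
    print("unanswered:", unanswered)
    print("unsolicited:", unsolicited)
```

On the excerpt this reports the two answered queries at roughly 7.7 ms and 7.5 ms, port 49857 as unanswered, and three replies without a visible query. A reply from an address the client never queried (162.159.36.2 here) is the case worth chasing in the full capture, since the list only shows the resolver the reply came from, not the query that elicited it.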
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 24, 2024 15:09:10.157183886 CEST | 192.168.2.4 | 1.1.1.1 | 0x226b | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:10.174313068 CEST | 192.168.2.4 | 1.1.1.1 | 0x7619 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:12.447552919 CEST | 192.168.2.4 | 1.1.1.1 | 0xa172 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.452893972 CEST | 192.168.2.4 | 1.1.1.1 | 0xf32c | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.470886946 CEST | 192.168.2.4 | 1.1.1.1 | 0x9497 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.476820946 CEST | 192.168.2.4 | 1.1.1.1 | 0xb549 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.481738091 CEST | 192.168.2.4 | 1.1.1.1 | 0x3621 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:12.495187044 CEST | 192.168.2.4 | 1.1.1.1 | 0xce55 | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:12.884763002 CEST | 192.168.2.4 | 1.1.1.1 | 0xb3a6 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.125940084 CEST | 192.168.2.4 | 1.1.1.1 | 0x530a | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.138432980 CEST | 192.168.2.4 | 1.1.1.1 | 0x9d95 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.150772095 CEST | 192.168.2.4 | 1.1.1.1 | 0xd45 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.157727957 CEST | 192.168.2.4 | 1.1.1.1 | 0x8fb8 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:13.159115076 CEST | 192.168.2.4 | 1.1.1.1 | 0xc86b | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:13.168275118 CEST192.168.2.41.1.1.10xef18Standard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.478043079 CEST192.168.2.41.1.1.10xe373Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.495426893 CEST192.168.2.41.1.1.10x6de3Standard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.498797894 CEST192.168.2.41.1.1.10xbe3Standard query (0)contile.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.513839960 CEST192.168.2.41.1.1.10x5e9Standard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.723208904 CEST192.168.2.41.1.1.10xffe5Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.736407995 CEST192.168.2.41.1.1.10x3cb2Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:14.746566057 CEST192.168.2.41.1.1.10xa586Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.736077070 CEST192.168.2.41.1.1.10x267dStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.095660925 CEST192.168.2.41.1.1.10x736fStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.121439934 CEST192.168.2.41.1.1.10xfeebStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:16.141654015 CEST192.168.2.41.1.1.10x9c6cStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.397521973 CEST192.168.2.41.1.1.10xaa76Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.397770882 CEST192.168.2.41.1.1.10x7663Standard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.409250021 CEST192.168.2.41.1.1.10xaddeStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.418804884 CEST192.168.2.41.1.1.10x8d67Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.500880957 CEST192.168.2.41.1.1.10x25c4Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.519229889 CEST192.168.2.41.1.1.10x2149Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.535002947 CEST192.168.2.41.1.1.10x1176Standard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.549674988 CEST192.168.2.41.1.1.10xaecdStandard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.562788963 CEST192.168.2.41.1.1.10x8addStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.145869017 CEST192.168.2.41.1.1.10xd4cdStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.281375885 CEST192.168.2.41.1.1.10x950dStandard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.282274008 CEST192.168.2.41.1.1.10x6680Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.282758951 CEST192.168.2.41.1.1.10xb275Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.308391094 CEST192.168.2.41.1.1.10x1f98Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.308391094 CEST192.168.2.41.1.1.10x3150Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.308610916 CEST192.168.2.41.1.1.10xf1a3Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.317255020 CEST192.168.2.41.1.1.10x868eStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.317255020 CEST192.168.2.41.1.1.10x6e70Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.391731977 CEST192.168.2.41.1.1.10xd6a8Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.391731977 CEST192.168.2.41.1.1.10x3e40Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.392081976 CEST192.168.2.41.1.1.10x401fStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.400471926 CEST192.168.2.41.1.1.10x839eStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.400521040 CEST192.168.2.41.1.1.10x63a5Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408389091 CEST192.168.2.41.1.1.10xbe42Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.409672022 CEST192.168.2.41.1.1.10x61f7Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.180058002 CEST192.168.2.41.1.1.10x6ae6Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.222457886 CEST192.168.2.41.1.1.10xb1f2Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.241784096 CEST192.168.2.41.1.1.10x94c1Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.252585888 CEST192.168.2.41.1.1.10x8e3cStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.261147022 CEST192.168.2.41.1.1.10x9fbdStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.272533894 CEST192.168.2.41.1.1.10x290aStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.284432888 CEST192.168.2.41.1.1.10x4a06Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.296376944 CEST192.168.2.41.1.1.10xac0eStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.949465036 CEST192.168.2.41.1.1.10xb48Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:42.965637922 CEST192.168.2.41.1.1.10x38d6Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:02.136504889 CEST192.168.2.41.1.1.10x84f3Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.622176886 CEST192.168.2.41.1.1.10xa35eStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:03.636934042 CEST192.168.2.41.1.1.10xee83Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.377454042 CEST192.168.2.41.1.1.10x14e9Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.361490011 CEST192.168.2.41.1.1.10x1127Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.385782957 CEST192.168.2.41.1.1.10xbe12Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.985599041 CEST192.168.2.41.1.1.10xca3eStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 24, 2024 15:09:10.125418901 CEST | 1.1.1.1 | 192.168.2.4 | 0xbc3b | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:10.165971041 CEST | 1.1.1.1 | 192.168.2.4 | 0x226b | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.459048986 CEST | 1.1.1.1 | 192.168.2.4 | 0xa172 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:12.459048986 CEST | 1.1.1.1 | 192.168.2.4 | 0xa172 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.463584900 CEST | 1.1.1.1 | 192.168.2.4 | 0xf32c | No error (0) | youtube.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.480640888 CEST | 1.1.1.1 | 192.168.2.4 | 0x9497 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.485606909 CEST | 1.1.1.1 | 192.168.2.4 | 0xb549 | No error (0) | youtube.com | | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:12.489712000 CEST | 1.1.1.1 | 192.168.2.4 | 0x3621 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:12.502832890 CEST | 1.1.1.1 | 192.168.2.4 | 0xce55 | No error (0) | youtube.com | | | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:13.110141039 CEST | 1.1.1.1 | 192.168.2.4 | 0xb3a6 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:13.110141039 CEST | 1.1.1.1 | 192.168.2.4 | 0xb3a6 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.132992983 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fcf | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:13.132992983 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fcf | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.146188974 CEST | 1.1.1.1 | 192.168.2.4 | 0x9d95 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.158036947 CEST | 1.1.1.1 | 192.168.2.4 | 0xd45 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:13.158036947 CEST | 1.1.1.1 | 192.168.2.4 | 0xd45 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:13.167021036 CEST | 1.1.1.1 | 192.168.2.4 | 0xc86b | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.485760927 CEST | 1.1.1.1 | 192.168.2.4 | 0xe373 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.502881050 CEST | 1.1.1.1 | 192.168.2.4 | 0x6de3 | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.521363020 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e9 | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.521363020 CEST | 1.1.1.1 | 192.168.2.4 | 0x5e9 | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.730287075 CEST | 1.1.1.1 | 192.168.2.4 | 0xffe5 | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:14.730287075 CEST | 1.1.1.1 | 192.168.2.4 | 0xffe5 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:14.730287075 CEST | 1.1.1.1 | 192.168.2.4 | 0xffe5 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.743834019 CEST | 1.1.1.1 | 192.168.2.4 | 0x3cb2 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:14.754295111 CEST | 1.1.1.1 | 192.168.2.4 | 0xa586 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | | 28 | IN (0x0001) | false
Oct 24, 2024 15:09:15.744358063 CEST | 1.1.1.1 | 192.168.2.4 | 0x267d | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:16.103682041 CEST | 1.1.1.1 | 192.168.2.4 | 0x736f | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:16.128897905 CEST | 1.1.1.1 | 192.168.2.4 | 0xfeeb | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:19.402605057 CEST | 1.1.1.1 | 192.168.2.4 | 0x575f | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.402605057 CEST1.1.1.1192.168.2.40x575fNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.407411098 CEST1.1.1.1192.168.2.40x7663No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.407411098 CEST1.1.1.1192.168.2.40x7663No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.407411098 CEST1.1.1.1192.168.2.40x7663No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.418073893 CEST1.1.1.1192.168.2.40xaddeNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.498370886 CEST1.1.1.1192.168.2.40x6b2eNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.512564898 CEST1.1.1.1192.168.2.40x25c4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.545175076 CEST1.1.1.1192.168.2.40x1176No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.545175076 CEST1.1.1.1192.168.2.40x1176No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.557969093 CEST1.1.1.1192.168.2.40xaecdNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.144985914 CEST1.1.1.1192.168.2.40x8830No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289148092 CEST1.1.1.1192.168.2.40x950dNo error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289973974 CEST1.1.1.1192.168.2.40x6680No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.289973974 CEST1.1.1.1192.168.2.40x6680No error (0)star-mini.c10r.facebook.com157.240.252.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.290097952 CEST1.1.1.1192.168.2.40xb275No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.290097952 CEST1.1.1.1192.168.2.40xb275No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316149950 CEST1.1.1.1192.168.2.40xf1a3No error (0)star-mini.c10r.facebook.com157.240.251.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316348076 CEST1.1.1.1192.168.2.40x1f98No error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com216.58.212.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.74.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com172.217.18.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.316792965 CEST1.1.1.1192.168.2.40x3150No error (0)youtube-ui.l.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.324477911 CEST1.1.1.1192.168.2.40x868eNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.325488091 CEST1.1.1.1192.168.2.40x6e70No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399159908 CEST1.1.1.1192.168.2.40x3e40No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399159908 CEST1.1.1.1192.168.2.40x3e40No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399159908 CEST1.1.1.1192.168.2.40x3e40No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399159908 CEST1.1.1.1192.168.2.40x3e40No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399159908 CEST1.1.1.1192.168.2.40x3e40No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399187088 CEST1.1.1.1192.168.2.40x401fNo error (0)twitter.com104.244.42.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399200916 CEST1.1.1.1192.168.2.40xd6a8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399200916 CEST1.1.1.1192.168.2.40xd6a8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399200916 CEST1.1.1.1192.168.2.40xd6a8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.399200916 CEST1.1.1.1192.168.2.40xd6a8No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.407772064 CEST1.1.1.1192.168.2.40x63a5No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408921957 CEST1.1.1.1192.168.2.40x839eNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408921957 CEST1.1.1.1192.168.2.40x839eNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408921957 CEST1.1.1.1192.168.2.40x839eNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408921957 CEST1.1.1.1192.168.2.40x839eNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.250850916 CEST1.1.1.1192.168.2.40x94c1No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.250850916 CEST1.1.1.1192.168.2.40x94c1No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.250850916 CEST1.1.1.1192.168.2.40x94c1No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.250850916 CEST1.1.1.1192.168.2.40x94c1No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.260550022 CEST1.1.1.1192.168.2.40x8e3cNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
Oct 24, 2024 15:09:38.260550022 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e3c | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:38.260550022 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e3c | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:38.260550022 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e3c | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:38.279875040 CEST | 1.1.1.1 | 192.168.2.4 | 0x290a | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:38.279875040 CEST | 1.1.1.1 | 192.168.2.4 | 0x290a | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:38.293262959 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a06 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:09:39.545177937 CEST | 1.1.1.1 | 192.168.2.4 | 0x13c3 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:39.545177937 CEST | 1.1.1.1 | 192.168.2.4 | 0x13c3 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:09:42.956985950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb48 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:10:02.144058943 CEST | 1.1.1.1 | 192.168.2.4 | 0x84f3 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:10:02.144058943 CEST | 1.1.1.1 | 192.168.2.4 | 0x84f3 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:10:03.636123896 CEST | 1.1.1.1 | 192.168.2.4 | 0xa35e | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:10:08.359217882 CEST | 1.1.1.1 | 192.168.2.4 | 0xa288 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:10:44.372858047 CEST | 1.1.1.1 | 192.168.2.4 | 0x1127 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 24, 2024 15:10:44.995280981 CEST | 1.1.1.1 | 192.168.2.4 | 0xca3e | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Oct 24, 2024 15:10:44.995280981 CEST | 1.1.1.1 | 192.168.2.4 | 0xca3e | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 60888 | 34.107.221.82 | 80 | 7716 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:09:13.108356953 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 15:09:13.705410957 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 75414
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 52341 | 34.107.221.82 | 80 | 7716 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:09:14.702099085 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:09:15.308559895 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 81962
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:09:15.468096018 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:09:15.596549988 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 81962
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:09:16.087970972 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:09:16.215101957 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 81963
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:09:24.707501888 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:09:24.838274956 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 81971
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:09:26.659394026 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.787878990 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 14:23:13 GMT
                                                                                                                                                                                                                                                Age: 81973
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.282274961 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.408986092 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 14:23:13 GMT
                                                                                                                                                                                                                                                Age: 81975
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.313569069 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:30.440723896 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 14:23:13 GMT
                                                                                                                                                                                                                                                Age: 81977
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:31.941668987 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:32.068658113 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 14:23:13 GMT
                                                                                                                                                                                                                                                Age: 81979
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:38.993985891 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.120716095 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 14:23:13 GMT
                                                                                                                                                                                                                                                Age: 81986
                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.664635897 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:39.792711973 CEST216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 14:23:13 GMT
                                                                                                                                                                                                                                                Age: 81986
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:09:43.714370012 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:09:43.841043949 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 81990
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:09:53.849107027 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 24, 2024 15:10:02.792438984 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:10:03.162349939 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 82010
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:10:04.378837109 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:10:04.505691051 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 82011
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:10:09.127932072 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:10:09.256161928 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 82016
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:10:19.263956070 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 24, 2024 15:10:29.344358921 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 24, 2024 15:10:39.357492924 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 24, 2024 15:10:45.117944956 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 24, 2024 15:10:45.245661020 CEST | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 23 Oct 2024 14:23:13 GMT
Age: 82052
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 24, 2024 15:10:55.251183987 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Oct 24, 2024 15:11:05.263964891 CEST | 6 | OUT | Data Raw: 00
Data Ascii:

Session ID: 2
Source IP: 192.168.2.4
Source Port: 52342
Destination IP: 34.107.221.82
Destination Port: 80
PID: 7716
Process: C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 15:09:14.702536106 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Oct 24, 2024 15:09:15.309947968 CEST | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 23 Oct 2024 16:12:19 GMT
Age: 75416
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.735368967 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:15.862607956 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75416
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.523658037 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.822163105 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75420
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:19.881464005 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75420
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.129920959 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:26.258101940 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75427
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:27.999778032 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:28.127238035 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75429
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:09:29.934782982 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
    Connection: keep-alive
Oct 24, 2024 15:09:30.061924934 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75430
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:09:31.811088085 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Oct 24, 2024 15:09:31.938244104 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75432
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:09:38.863866091 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Oct 24, 2024 15:09:38.990814924 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75439
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:09:39.533725977 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Oct 24, 2024 15:09:39.661006927 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75440
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:09:43.582696915 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Oct 24, 2024 15:09:43.710369110 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75444
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:09:53.711184025 CEST | 6 | OUT | Data Raw: 00
    Data Ascii:
Oct 24, 2024 15:10:02.136648893 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Oct 24, 2024 15:10:02.788386106 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75463
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:10:02.788816929 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75463
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Oct 24, 2024 15:10:02.788885117 CEST | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 23 Oct 2024 16:12:19 GMT
    Age: 75463
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.247343063 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:04.374994040 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75465
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:08.973711014 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:09.102569103 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75470
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:19.114707947 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:29.344357967 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:39.357496977 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:44.985311031 CEST303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:45.113738060 CEST298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                Date: Wed, 23 Oct 2024 16:12:19 GMT
                                                                                                                                                                                                                                                Age: 75506
                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                Oct 24, 2024 15:10:55.119661093 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Oct 24, 2024 15:11:05.132282019 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                Oct 24, 2024 15:11:15.145026922 CEST6OUTData Raw: 00
                                                                                                                                                                                                                                                Data Ascii:


Target ID: 0
Start time: 09:09:02
Start date: 24/10/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x880000
File size: 919'552 bytes
MD5 hash: 7204A55ED486CEE5061C0518D9F594AC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 09:09:02
Start date: 24/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x650000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true
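
The two records above (the low-reputation sample on the user's Desktop and the `taskkill /F /IM firefox.exe /T` it runs in the same second, both elevated) are the kind of event a detection should catch: a non-browser process forcibly killing the browser process tree. The following is an added example, not code from this report or from Joe Sandbox, that parses key:value process records in the shape shown here, decodes the taskkill switches, and flags browser kills. Assumptions: the browser image list beyond firefox.exe, the sample records (constructed to mirror the three records in this report), and the "co-started low-reputation process" heuristic, which stands in for the parent link this section does not carry.

```python
"""Added example: flag forced browser kills in Joe Sandbox-style process records."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: browser images to watch. The report shows only firefox.exe; the
# others are added by this example.
BROWSER_IMAGES = {"firefox.exe", "chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}


@dataclass
class ProcessRecord:
    target_id: int
    start_time: str
    path: str
    commandline: str
    elevated: bool
    reputation: str


@dataclass
class TaskkillArgs:
    force: bool = False                               # /F
    tree: bool = False                                # /T
    images: List[str] = field(default_factory=list)   # /IM <image>
    pids: List[str] = field(default_factory=list)     # /PID <pid>


@dataclass
class Finding:
    target_id: int
    image: str
    force: bool
    tree: bool
    elevated: bool


# Constructed sample: key:value lines, one record per blank-line-separated
# block, mirroring the process records shown in this report.
SAMPLE_RECORDS = """\
Target ID: 0
Start time: 09:09:02
Path: C:\\Users\\user\\Desktop\\file.exe
Commandline: "C:\\Users\\user\\Desktop\\file.exe"
Has elevated privileges: true
Reputation: low

Target ID: 1
Start time: 09:09:02
Path: C:\\Windows\\SysWOW64\\taskkill.exe
Commandline: taskkill /F /IM firefox.exe /T
Has elevated privileges: true
Reputation: high

Target ID: 2
Start time: 09:09:02
Path: C:\\Windows\\System32\\conhost.exe
Commandline: C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1
Has elevated privileges: true
Reputation: high
"""


def parse_records(text: str) -> List[ProcessRecord]:
    """Split the flattened report text into one ProcessRecord per block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        kv = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon only: values contain "C:\"
            kv[key.strip().lower()] = value.strip()
        records.append(ProcessRecord(
            target_id=int(kv["target id"]),
            start_time=kv.get("start time", ""),
            path=kv.get("path", ""),
            commandline=kv.get("commandline", ""),
            elevated=kv.get("has elevated privileges", "").lower() == "true",
            reputation=kv.get("reputation", "").lower(),
        ))
    return records


def tokenize(cmdline: str) -> List[str]:
    """Windows-style split: keep quoted arguments intact, drop the quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_taskkill(cmdline: str) -> Optional[TaskkillArgs]:
    """Return the taskkill switches, or None if the command is not taskkill."""
    tokens = tokenize(cmdline)
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in ("taskkill", "taskkill.exe"):
        return None
    args = TaskkillArgs()
    i = 1
    while i < len(tokens):
        opt = tokens[i].lower()
        if opt.startswith("-"):          # taskkill accepts -F as well as /F
            opt = "/" + opt[1:]
        if opt == "/f":
            args.force = True
        elif opt == "/t":
            args.tree = True
        elif opt == "/im" and i + 1 < len(tokens):
            args.images.append(tokens[i + 1].lower())
            i += 1
        elif opt == "/pid" and i + 1 < len(tokens):
            args.pids.append(tokens[i + 1])
            i += 1
        i += 1
    return args


def find_browser_kills(records: List[ProcessRecord]) -> List[Finding]:
    """Flag every taskkill record whose /IM target is a browser image."""
    findings = []
    for rec in records:
        args = parse_taskkill(rec.commandline)
        if args is None:
            continue
        for image in args.images:
            if image in BROWSER_IMAGES:
                findings.append(Finding(rec.target_id, image, args.force, args.tree, rec.elevated))
    return findings


def co_started_low_reputation(records: List[ProcessRecord], finding: Finding) -> List[int]:
    """Heuristic context (assumption: this section carries no parent PIDs): other
    records started in the same second, from a user-writable path, with low reputation."""
    kill = next(r for r in records if r.target_id == finding.target_id)
    return [r.target_id for r in records
            if r.target_id != kill.target_id
            and r.start_time == kill.start_time
            and r.reputation == "low"
            and r.path.lower().startswith("c:\\users\\")]
```

On the sample above `find_browser_kills` yields one finding for Target ID 1 (firefox.exe, force and tree set, elevated), and `co_started_low_reputation` points back at Target ID 0. Real telemetry (Sysmon event 1, EDR process-start events) carries the parent process directly, so the co-start heuristic can be replaced by a parent check there.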

Target ID: 2
Start time: 09:09:02
Start date: 24/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                Start time:09:09:04
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                Imagebase:0x650000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                                Start time:09:09:04
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                Start time:09:09:05
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                Imagebase:0x650000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                Start time:09:09:05
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                Start time:09:09:05
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                Imagebase:0x650000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                Start time:09:09:05
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                Start time:09:09:05
                                                                                                                                                                                                                                                Start date:24/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                Imagebase:0x650000
                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                Start time:09:09:05
                                                                                                                                                                                                                                                Start date:24/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 11
Start time: 09:09:05
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 12
Start time: 09:09:05
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 13
Start time: 09:09:05
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 15
Start time: 09:09:06
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2200 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baac71d5-40f3-4bd6-b9a2-f58f729b2199} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27bffd70310 socket
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 16
Start time: 09:09:09
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20230927232528 -prefsHandle 1540 -prefMapHandle 4036 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d14240-9cd3-49bb-8984-b5bc4d0eecb7} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9223cb10 rdd
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 18
Start time: 09:09:18
Start date: 24/10/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5340 -prefMapHandle 5352 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {316c6cfb-6661-4d2d-9a1c-1d3edad563fa} 7716 "\\.\pipe\gecko-crash-server-pipe.7716" 27b9e0a7110 utility
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false
Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.3%
Total number of Nodes: 1553
Total number of Limit Nodes: 58
95636->95677 95642 8835df 95642->95622 95690 884ecb 95643->95690 95646 8c3833 95712 8f2cf9 95646->95712 95648 884ecb 94 API calls 95650 8844e1 95648->95650 95649 8c3848 95651 8c384c 95649->95651 95652 8c3869 95649->95652 95650->95646 95653 8844e9 95650->95653 95739 884f39 95651->95739 95655 89fe0b 22 API calls 95652->95655 95656 8c3854 95653->95656 95657 8844f5 95653->95657 95665 8c38ae 95655->95665 95745 8eda5a 82 API calls 95656->95745 95738 88940c 136 API calls 2 library calls 95657->95738 95660 882e31 95661 8c3862 95661->95652 95662 884f39 68 API calls 95663 8c3a5f 95662->95663 95663->95662 95751 8e989b 82 API calls __wsopen_s 95663->95751 95665->95663 95669 889cb3 22 API calls 95665->95669 95746 8e967e 22 API calls __fread_nolock 95665->95746 95747 8e95ad 42 API calls _wcslen 95665->95747 95748 8f0b5a 22 API calls 95665->95748 95749 88a4a1 22 API calls __fread_nolock 95665->95749 95750 883ff7 22 API calls 95665->95750 95669->95665 95673 89fe0b 22 API calls 95672->95673 95674 88a976 95673->95674 95675 89fddb 22 API calls 95674->95675 95676 8835aa 95675->95676 95676->95633 95678 88516e 95677->95678 95682 88518f __fread_nolock 95677->95682 95680 89fe0b 22 API calls 95678->95680 95679 89fddb 22 API calls 95681 8835cc 95679->95681 95680->95682 95683 8835f3 95681->95683 95682->95679 95684 883605 95683->95684 95688 883624 __fread_nolock 95683->95688 95687 89fe0b 22 API calls 95684->95687 95685 89fddb 22 API calls 95686 88363b 95685->95686 95686->95642 95687->95688 95688->95685 95689->95635 95752 884e90 LoadLibraryA 95690->95752 95695 8c3ccf 95697 884f39 68 API calls 95695->95697 95696 884ef6 LoadLibraryExW 95760 884e59 LoadLibraryA 95696->95760 95699 8c3cd6 95697->95699 95702 884e59 3 API calls 95699->95702 95704 8c3cde 95702->95704 95703 884f20 95703->95704 95705 884f2c 95703->95705 95782 8850f5 40 API calls __fread_nolock 95704->95782 95706 884f39 68 API calls 95705->95706 95708 8844cd 95706->95708 95708->95646 95708->95648 95709 8c3cf5 95783 8f28fe 27 API calls 
95709->95783 95711 8c3d05 95713 8f2d15 95712->95713 95850 88511f 64 API calls 95713->95850 95715 8f2d29 95851 8f2e66 75 API calls 95715->95851 95717 8f2d3b 95735 8f2d3f 95717->95735 95852 8850f5 40 API calls __fread_nolock 95717->95852 95719 8f2d56 95853 8850f5 40 API calls __fread_nolock 95719->95853 95721 8f2d66 95854 8850f5 40 API calls __fread_nolock 95721->95854 95723 8f2d81 95855 8850f5 40 API calls __fread_nolock 95723->95855 95725 8f2d9c 95856 88511f 64 API calls 95725->95856 95727 8f2db3 95728 8aea0c ___std_exception_copy 21 API calls 95727->95728 95729 8f2dba 95728->95729 95730 8aea0c ___std_exception_copy 21 API calls 95729->95730 95731 8f2dc4 95730->95731 95857 8850f5 40 API calls __fread_nolock 95731->95857 95733 8f2dd8 95858 8f28fe 27 API calls 95733->95858 95735->95649 95736 8f2dee 95736->95735 95859 8f22ce 95736->95859 95738->95660 95740 884f4a 95739->95740 95741 884f43 95739->95741 95743 884f59 95740->95743 95744 884f6a FreeLibrary 95740->95744 95742 8ae678 67 API calls 95741->95742 95742->95740 95743->95656 95744->95743 95745->95661 95746->95665 95747->95665 95748->95665 95749->95665 95750->95665 95751->95663 95753 884ea8 GetProcAddress 95752->95753 95754 884ec6 95752->95754 95755 884eb8 95753->95755 95757 8ae5eb 95754->95757 95755->95754 95756 884ebf FreeLibrary 95755->95756 95756->95754 95784 8ae52a 95757->95784 95759 884eea 95759->95695 95759->95696 95761 884e8d 95760->95761 95762 884e6e GetProcAddress 95760->95762 95765 884f80 95761->95765 95763 884e7e 95762->95763 95763->95761 95764 884e86 FreeLibrary 95763->95764 95764->95761 95766 89fe0b 22 API calls 95765->95766 95767 884f95 95766->95767 95836 885722 95767->95836 95769 884fa1 __fread_nolock 95770 8c3d1d 95769->95770 95771 8850a5 95769->95771 95781 884fdc 95769->95781 95847 8f304d 74 API calls 95770->95847 95839 8842a2 CreateStreamOnHGlobal 95771->95839 95774 8c3d22 95848 88511f 64 API calls 95774->95848 95777 8c3d45 95849 8850f5 40 API calls __fread_nolock 95777->95849 95780 88506e 
messages 95780->95703 95781->95774 95781->95780 95845 8850f5 40 API calls __fread_nolock 95781->95845 95846 88511f 64 API calls 95781->95846 95782->95709 95783->95711 95785 8ae536 __FrameHandler3::FrameUnwindToState 95784->95785 95786 8ae544 95785->95786 95788 8ae574 95785->95788 95809 8af2d9 20 API calls __dosmaperr 95786->95809 95791 8ae579 95788->95791 95792 8ae586 95788->95792 95789 8ae549 95810 8b27ec 26 API calls pre_c_initialization 95789->95810 95811 8af2d9 20 API calls __dosmaperr 95791->95811 95801 8b8061 95792->95801 95795 8ae58f 95796 8ae5a2 95795->95796 95797 8ae595 95795->95797 95813 8ae5d4 LeaveCriticalSection __fread_nolock 95796->95813 95812 8af2d9 20 API calls __dosmaperr 95797->95812 95798 8ae554 __wsopen_s 95798->95759 95802 8b806d __FrameHandler3::FrameUnwindToState 95801->95802 95814 8b2f5e EnterCriticalSection 95802->95814 95804 8b807b 95815 8b80fb 95804->95815 95808 8b80ac __wsopen_s 95808->95795 95809->95789 95810->95798 95811->95798 95812->95798 95813->95798 95814->95804 95822 8b811e 95815->95822 95816 8b8177 95817 8b4c7d __dosmaperr 20 API calls 95816->95817 95818 8b8180 95817->95818 95820 8b29c8 _free 20 API calls 95818->95820 95821 8b8189 95820->95821 95827 8b8088 95821->95827 95833 8b3405 11 API calls 2 library calls 95821->95833 95822->95816 95822->95822 95822->95827 95831 8a918d EnterCriticalSection 95822->95831 95832 8a91a1 LeaveCriticalSection 95822->95832 95824 8b81a8 95834 8a918d EnterCriticalSection 95824->95834 95828 8b80b7 95827->95828 95835 8b2fa6 LeaveCriticalSection 95828->95835 95830 8b80be 95830->95808 95831->95822 95832->95822 95833->95824 95834->95827 95835->95830 95837 89fddb 22 API calls 95836->95837 95838 885734 95837->95838 95838->95769 95840 8842d9 95839->95840 95841 8842bc FindResourceExW 95839->95841 95840->95781 95841->95840 95842 8c35ba LoadResource 95841->95842 95842->95840 95843 8c35cf SizeofResource 95842->95843 95843->95840 95844 8c35e3 LockResource 95843->95844 95844->95840 95845->95781 95846->95781 
95847->95774 95848->95777 95849->95780 95850->95715 95851->95717 95852->95719 95853->95721 95854->95723 95855->95725 95856->95727 95857->95733 95858->95736 95860 8f22d9 95859->95860 95861 8f22e7 95859->95861 95862 8ae5eb 29 API calls 95860->95862 95863 8f232c 95861->95863 95864 8ae5eb 29 API calls 95861->95864 95874 8f22f0 95861->95874 95862->95861 95888 8f2557 40 API calls __fread_nolock 95863->95888 95866 8f2311 95864->95866 95866->95863 95868 8f231a 95866->95868 95867 8f2370 95869 8f2395 95867->95869 95870 8f2374 95867->95870 95868->95874 95896 8ae678 95868->95896 95889 8f2171 95869->95889 95872 8f2381 95870->95872 95876 8ae678 67 API calls 95870->95876 95872->95874 95879 8ae678 67 API calls 95872->95879 95874->95735 95875 8f239d 95877 8f23c3 95875->95877 95878 8f23a3 95875->95878 95876->95872 95909 8f23f3 74 API calls 95877->95909 95880 8f23b0 95878->95880 95882 8ae678 67 API calls 95878->95882 95879->95874 95880->95874 95883 8ae678 67 API calls 95880->95883 95882->95880 95883->95874 95884 8f23ca 95885 8f23de 95884->95885 95886 8ae678 67 API calls 95884->95886 95885->95874 95887 8ae678 67 API calls 95885->95887 95886->95885 95887->95874 95888->95867 95890 8aea0c ___std_exception_copy 21 API calls 95889->95890 95891 8f217f 95890->95891 95892 8aea0c ___std_exception_copy 21 API calls 95891->95892 95893 8f2190 95892->95893 95894 8aea0c ___std_exception_copy 21 API calls 95893->95894 95895 8f219c 95894->95895 95895->95875 95897 8ae684 __FrameHandler3::FrameUnwindToState 95896->95897 95898 8ae6aa 95897->95898 95899 8ae695 95897->95899 95908 8ae6a5 __wsopen_s 95898->95908 95910 8a918d EnterCriticalSection 95898->95910 95927 8af2d9 20 API calls __dosmaperr 95899->95927 95901 8ae69a 95928 8b27ec 26 API calls pre_c_initialization 95901->95928 95904 8ae6c6 95911 8ae602 95904->95911 95906 8ae6d1 95929 8ae6ee LeaveCriticalSection __fread_nolock 95906->95929 95908->95874 95909->95884 95910->95904 95912 8ae60f 95911->95912 95913 8ae624 95911->95913 95962 8af2d9 20 API calls 
__dosmaperr 95912->95962 95919 8ae61f 95913->95919 95930 8adc0b 95913->95930 95915 8ae614 95963 8b27ec 26 API calls pre_c_initialization 95915->95963 95919->95906 95923 8ae646 95947 8b862f 95923->95947 95926 8b29c8 _free 20 API calls 95926->95919 95927->95901 95928->95908 95929->95908 95931 8adc1f 95930->95931 95932 8adc23 95930->95932 95936 8b4d7a 95931->95936 95932->95931 95933 8ad955 __fread_nolock 26 API calls 95932->95933 95934 8adc43 95933->95934 95964 8b59be 62 API calls 5 library calls 95934->95964 95937 8b4d90 95936->95937 95938 8ae640 95936->95938 95937->95938 95939 8b29c8 _free 20 API calls 95937->95939 95940 8ad955 95938->95940 95939->95938 95941 8ad961 95940->95941 95942 8ad976 95940->95942 95965 8af2d9 20 API calls __dosmaperr 95941->95965 95942->95923 95944 8ad966 95966 8b27ec 26 API calls pre_c_initialization 95944->95966 95946 8ad971 95946->95923 95948 8b863e 95947->95948 95949 8b8653 95947->95949 95970 8af2c6 20 API calls __dosmaperr 95948->95970 95951 8b868e 95949->95951 95956 8b867a 95949->95956 95972 8af2c6 20 API calls __dosmaperr 95951->95972 95953 8b8643 95971 8af2d9 20 API calls __dosmaperr 95953->95971 95954 8b8693 95973 8af2d9 20 API calls __dosmaperr 95954->95973 95967 8b8607 95956->95967 95959 8b869b 95974 8b27ec 26 API calls pre_c_initialization 95959->95974 95960 8ae64c 95960->95919 95960->95926 95962->95915 95963->95919 95964->95931 95965->95944 95966->95946 95975 8b8585 95967->95975 95969 8b862b 95969->95960 95970->95953 95971->95960 95972->95954 95973->95959 95974->95960 95976 8b8591 __FrameHandler3::FrameUnwindToState 95975->95976 95986 8b5147 EnterCriticalSection 95976->95986 95978 8b859f 95979 8b85d1 95978->95979 95980 8b85c6 95978->95980 95987 8af2d9 20 API calls __dosmaperr 95979->95987 95981 8b86ae __wsopen_s 29 API calls 95980->95981 95983 8b85cc 95981->95983 95988 8b85fb LeaveCriticalSection __wsopen_s 95983->95988 95985 8b85ee __wsopen_s 95985->95969 95986->95978 95987->95983 95988->95985 95989 881044 95994 8810f3 
95989->95994 95991 88104a 96030 8a00a3 29 API calls __onexit 95991->96030 95993 881054 96031 881398 95994->96031 95998 88116a 95999 88a961 22 API calls 95998->95999 96000 881174 95999->96000 96001 88a961 22 API calls 96000->96001 96002 88117e 96001->96002 96003 88a961 22 API calls 96002->96003 96004 881188 96003->96004 96005 88a961 22 API calls 96004->96005 96006 8811c6 96005->96006 96007 88a961 22 API calls 96006->96007 96008 881292 96007->96008 96041 88171c 96008->96041 96012 8812c4 96013 88a961 22 API calls 96012->96013 96014 8812ce 96013->96014 96062 891940 96014->96062 96016 8812f9 96072 881aab 96016->96072 96018 881315 96019 881325 GetStdHandle 96018->96019 96020 88137a 96019->96020 96021 8c2485 96019->96021 96025 881387 OleInitialize 96020->96025 96021->96020 96022 8c248e 96021->96022 96023 89fddb 22 API calls 96022->96023 96024 8c2495 96023->96024 96079 8f011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96024->96079 96025->95991 96027 8c249e 96080 8f0944 CreateThread 96027->96080 96029 8c24aa CloseHandle 96029->96020 96030->95993 96081 8813f1 96031->96081 96034 8813f1 22 API calls 96035 8813d0 96034->96035 96036 88a961 22 API calls 96035->96036 96037 8813dc 96036->96037 96038 886b57 22 API calls 96037->96038 96039 881129 96038->96039 96040 881bc3 6 API calls 96039->96040 96040->95998 96042 88a961 22 API calls 96041->96042 96043 88172c 96042->96043 96044 88a961 22 API calls 96043->96044 96045 881734 96044->96045 96046 88a961 22 API calls 96045->96046 96047 88174f 96046->96047 96048 89fddb 22 API calls 96047->96048 96049 88129c 96048->96049 96050 881b4a 96049->96050 96051 881b58 96050->96051 96052 88a961 22 API calls 96051->96052 96053 881b63 96052->96053 96054 88a961 22 API calls 96053->96054 96055 881b6e 96054->96055 96056 88a961 22 API calls 96055->96056 96057 881b79 96056->96057 96058 88a961 22 API calls 96057->96058 96059 881b84 96058->96059 96060 89fddb 22 API calls 96059->96060 96061 
881b96 RegisterWindowMessageW 96060->96061 96061->96012 96063 891981 96062->96063 96064 89195d 96062->96064 96088 8a0242 5 API calls __Init_thread_wait 96063->96088 96065 89196e 96064->96065 96090 8a0242 5 API calls __Init_thread_wait 96064->96090 96065->96016 96068 89198b 96068->96064 96089 8a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96068->96089 96069 898727 96069->96065 96091 8a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96069->96091 96073 8c272d 96072->96073 96074 881abb 96072->96074 96092 8f3209 23 API calls 96073->96092 96075 89fddb 22 API calls 96074->96075 96077 881ac3 96075->96077 96077->96018 96078 8c2738 96079->96027 96080->96029 96093 8f092a 28 API calls 96080->96093 96082 88a961 22 API calls 96081->96082 96083 8813fc 96082->96083 96084 88a961 22 API calls 96083->96084 96085 881404 96084->96085 96086 88a961 22 API calls 96085->96086 96087 8813c6 96086->96087 96087->96034 96088->96068 96089->96064 96090->96069 96091->96065 96092->96078 96094 8d2a00 96095 88d7b0 messages 96094->96095 96096 88db11 PeekMessageW 96095->96096 96097 88d807 GetInputState 96095->96097 96099 8d1cbe TranslateAcceleratorW 96095->96099 96100 88da04 timeGetTime 96095->96100 96101 88db8f PeekMessageW 96095->96101 96102 88db73 TranslateMessage DispatchMessageW 96095->96102 96103 88dbaf Sleep 96095->96103 96104 8d2b74 Sleep 96095->96104 96107 8d1dda timeGetTime 96095->96107 96115 88d9d5 96095->96115 96117 8d2a51 96095->96117 96126 88dd50 96095->96126 96133 891310 96095->96133 96190 88bf40 96095->96190 96248 89edf6 96095->96248 96253 88dfd0 348 API calls 3 library calls 96095->96253 96254 89e551 timeGetTime 96095->96254 96256 8f3a2a 23 API calls 96095->96256 96257 88ec40 96095->96257 96281 8f359c 82 API calls __wsopen_s 96095->96281 96096->96095 96097->96095 96097->96096 96099->96095 96100->96095 96101->96095 96102->96101 96103->96095 96104->96117 96255 89e300 23 API calls 96107->96255 96110 8d2c0b GetExitCodeProcess 96111 8d2c37 
CloseHandle 96110->96111 96112 8d2c21 WaitForSingleObject 96110->96112 96111->96117 96112->96095 96112->96111 96113 9129bf GetForegroundWindow 96113->96117 96116 8d2ca9 Sleep 96116->96095 96117->96095 96117->96110 96117->96113 96117->96115 96117->96116 96282 905658 23 API calls 96117->96282 96283 8ee97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96117->96283 96284 89e551 timeGetTime 96117->96284 96285 8ed4dc CreateToolhelp32Snapshot Process32FirstW 96117->96285 96127 88dd6f 96126->96127 96129 88dd83 96126->96129 96295 88d260 96127->96295 96327 8f359c 82 API calls __wsopen_s 96129->96327 96130 88dd7a 96130->96095 96132 8d2f75 96132->96132 96134 8917b0 96133->96134 96135 891376 96133->96135 96366 8a0242 5 API calls __Init_thread_wait 96134->96366 96136 891390 96135->96136 96137 8d6331 96135->96137 96139 891940 9 API calls 96136->96139 96140 8d633d 96137->96140 96380 90709c 348 API calls 96137->96380 96143 8913a0 96139->96143 96140->96095 96142 8917ba 96144 8917fb 96142->96144 96146 889cb3 22 API calls 96142->96146 96145 891940 9 API calls 96143->96145 96148 8d6346 96144->96148 96150 89182c 96144->96150 96147 8913b6 96145->96147 96155 8917d4 96146->96155 96147->96144 96149 8913ec 96147->96149 96381 8f359c 82 API calls __wsopen_s 96148->96381 96149->96148 96169 891408 __fread_nolock 96149->96169 96368 88aceb 96150->96368 96153 891839 96378 89d217 348 API calls 96153->96378 96154 8d6369 96154->96095 96367 8a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96155->96367 96158 8d636e 96382 8f359c 82 API calls __wsopen_s 96158->96382 96160 89153c 96162 891940 9 API calls 96160->96162 96161 8d63d1 96384 905745 54 API calls _wcslen 96161->96384 96164 891549 96162->96164 96170 891940 9 API calls 96164->96170 96176 8d64fa 96164->96176 96165 89fddb 22 API calls 96165->96169 96166 891872 96379 89faeb 23 API calls 96166->96379 96167 89fe0b 22 API calls 96167->96169 96169->96153 96169->96154 96169->96158 96169->96165 
96169->96167 96173 88ec40 348 API calls 96169->96173 96174 89152f 96169->96174 96175 8d63b2 96169->96175 96171 891563 96170->96171 96171->96176 96180 8915c7 messages 96171->96180 96385 88a8c7 22 API calls __fread_nolock 96171->96385 96173->96169 96174->96160 96174->96161 96383 8f359c 82 API calls __wsopen_s 96175->96383 96176->96154 96386 8f359c 82 API calls __wsopen_s 96176->96386 96179 891940 9 API calls 96179->96180 96180->96154 96180->96166 96180->96176 96180->96179 96182 89167b messages 96180->96182 96337 8f5c5a 96180->96337 96342 89f645 96180->96342 96349 911591 96180->96349 96352 90ab67 96180->96352 96355 90abf7 96180->96355 96360 90a2ea 96180->96360 96181 89171d 96181->96095 96182->96181 96365 89ce17 22 API calls messages 96182->96365 96560 88adf0 96190->96560 96192 88bf9d 96193 88bfa9 96192->96193 96194 8d04b6 96192->96194 96196 8d04c6 96193->96196 96197 88c01e 96193->96197 96578 8f359c 82 API calls __wsopen_s 96194->96578 96579 8f359c 82 API calls __wsopen_s 96196->96579 96565 88ac91 96197->96565 96200 8e7120 22 API calls 96244 88c039 __fread_nolock messages 96200->96244 96201 88c7da 96205 89fe0b 22 API calls 96201->96205 96210 88c808 __fread_nolock 96205->96210 96207 8d04f5 96211 8d055a 96207->96211 96580 89d217 348 API calls 96207->96580 96214 89fe0b 22 API calls 96210->96214 96233 88c603 96211->96233 96581 8f359c 82 API calls __wsopen_s 96211->96581 96212 88af8a 22 API calls 96212->96244 96213 8d091a 96590 8f3209 23 API calls 96213->96590 96245 88c350 __fread_nolock messages 96214->96245 96217 88ec40 348 API calls 96217->96244 96218 8d08a5 96219 88ec40 348 API calls 96218->96219 96221 8d08cf 96219->96221 96221->96233 96588 88a81b 41 API calls 96221->96588 96222 8d0591 96582 8f359c 82 API calls __wsopen_s 96222->96582 96223 8d08f6 96589 8f359c 82 API calls __wsopen_s 96223->96589 96228 89fddb 22 API calls 96228->96244 96229 88c237 96231 88c253 96229->96231 96591 88a8c7 22 API calls __fread_nolock 96229->96591 96230 88aceb 23 API calls 96230->96244 96234 
8d0976 96231->96234 96238 88c297 messages 96231->96238 96233->96095 96236 88aceb 23 API calls 96234->96236 96237 8d09bf 96236->96237 96237->96233 96592 8f359c 82 API calls __wsopen_s 96237->96592 96238->96237 96239 88aceb 23 API calls 96238->96239 96240 88c335 96239->96240 96240->96237 96241 88c342 96240->96241 96576 88a704 22 API calls messages 96241->96576 96242 88bbe0 40 API calls 96242->96244 96244->96200 96244->96201 96244->96207 96244->96210 96244->96211 96244->96212 96244->96213 96244->96217 96244->96218 96244->96222 96244->96223 96244->96228 96244->96229 96244->96230 96244->96233 96244->96237 96244->96242 96246 89fe0b 22 API calls 96244->96246 96569 88ad81 96244->96569 96583 8e7099 22 API calls __fread_nolock 96244->96583 96584 905745 54 API calls _wcslen 96244->96584 96585 89aa42 22 API calls messages 96244->96585 96586 8ef05c 40 API calls 96244->96586 96587 88a993 41 API calls 96244->96587 96247 88c3ac 96245->96247 96577 89ce17 22 API calls messages 96245->96577 96246->96244 96247->96095 96249 89ee09 96248->96249 96250 89ee12 96248->96250 96249->96095 96250->96249 96251 89ee36 IsDialogMessageW 96250->96251 96252 8defaf GetClassLongW 96250->96252 96251->96249 96251->96250 96252->96250 96252->96251 96253->96095 96254->96095 96255->96095 96256->96095 96278 88ec76 messages 96257->96278 96258 8a00a3 29 API calls pre_c_initialization 96258->96278 96259 88fef7 96274 88ed9d messages 96259->96274 96605 88a8c7 22 API calls __fread_nolock 96259->96605 96261 89fddb 22 API calls 96261->96278 96263 8d4b0b 96607 8f359c 82 API calls __wsopen_s 96263->96607 96264 88a8c7 22 API calls 96264->96278 96265 8d4600 96265->96274 96604 88a8c7 22 API calls __fread_nolock 96265->96604 96271 8a0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96271->96278 96272 88fbe3 96272->96274 96275 8d4bdc 96272->96275 96280 88f3ae messages 96272->96280 96273 88a961 22 API calls 96273->96278 96274->96095 96608 8f359c 82 API calls 
__wsopen_s 96275->96608 96277 8d4beb 96609 8f359c 82 API calls __wsopen_s 96277->96609 96278->96258 96278->96259 96278->96261 96278->96263 96278->96264 96278->96265 96278->96271 96278->96272 96278->96273 96278->96274 96278->96277 96279 8a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96278->96279 96278->96280 96602 8901e0 348 API calls 2 library calls 96278->96602 96603 8906a0 41 API calls messages 96278->96603 96279->96278 96280->96274 96606 8f359c 82 API calls __wsopen_s 96280->96606 96281->96095 96282->96117 96283->96117 96284->96117 96610 8edef7 96285->96610 96287 8ed5db CloseHandle 96287->96117 96288 8ed529 Process32NextW 96288->96287 96293 8ed522 96288->96293 96289 88a961 22 API calls 96289->96293 96290 889cb3 22 API calls 96290->96293 96293->96287 96293->96288 96293->96289 96293->96290 96616 88525f 22 API calls 96293->96616 96617 886350 22 API calls 96293->96617 96618 89ce60 41 API calls 96293->96618 96296 88ec40 348 API calls 96295->96296 96298 88d29d 96296->96298 96297 88d30b messages 96297->96130 96298->96297 96299 88d6d5 96298->96299 96301 88d3c3 96298->96301 96307 88d4b8 96298->96307 96312 8d1bc4 96298->96312 96315 89fddb 22 API calls 96298->96315 96322 88d429 __fread_nolock messages 96298->96322 96299->96297 96308 89fe0b 22 API calls 96299->96308 96301->96299 96303 88d3ce 96301->96303 96302 88d5ff 96305 8d1bb5 96302->96305 96306 88d614 96302->96306 96304 89fddb 22 API calls 96303->96304 96314 88d3d5 __fread_nolock 96304->96314 96335 905705 23 API calls 96305->96335 96310 89fddb 22 API calls 96306->96310 96311 89fe0b 22 API calls 96307->96311 96308->96314 96320 88d46a 96310->96320 96311->96322 96336 8f359c 82 API calls __wsopen_s 96312->96336 96313 89fddb 22 API calls 96316 88d3f6 96313->96316 96314->96313 96314->96316 96315->96298 96316->96322 96328 88bec0 348 API calls 96316->96328 96318 8d1ba4 96334 8f359c 82 API calls __wsopen_s 96318->96334 96320->96130 96322->96302 96322->96318 96322->96320 96323 8d1b7f 
96322->96323 96325 8d1b5d 96322->96325 96329 881f6f 96322->96329 96333 8f359c 82 API calls __wsopen_s 96323->96333 96332 8f359c 82 API calls __wsopen_s 96325->96332 96327->96132 96328->96322 96330 88ec40 348 API calls 96329->96330 96331 881f98 96330->96331 96331->96322 96332->96320 96333->96320 96334->96320 96335->96312 96336->96297 96387 887510 96337->96387 96341 8f5c77 96341->96180 96419 88b567 96342->96419 96344 89f659 96345 8df2dc Sleep 96344->96345 96346 89f661 timeGetTime 96344->96346 96347 88b567 39 API calls 96346->96347 96348 89f677 96347->96348 96348->96180 96425 912ad8 96349->96425 96351 91159f 96351->96180 96436 90aff9 96352->96436 96356 90aff9 217 API calls 96355->96356 96358 90ac0c 96356->96358 96357 90ac54 96357->96180 96358->96357 96359 88aceb 23 API calls 96358->96359 96359->96357 96361 887510 53 API calls 96360->96361 96362 90a306 96361->96362 96363 8ed4dc 47 API calls 96362->96363 96364 90a315 96363->96364 96364->96180 96365->96182 96366->96142 96367->96144 96369 88acf9 96368->96369 96373 88ad2a messages 96368->96373 96370 88ad55 96369->96370 96371 88ad01 messages 96369->96371 96370->96373 96558 88a8c7 22 API calls __fread_nolock 96370->96558 96371->96373 96374 8cfa48 96371->96374 96375 88ad21 96371->96375 96373->96153 96374->96373 96559 89ce17 22 API calls messages 96374->96559 96375->96373 96376 8cfa3a VariantClear 96375->96376 96376->96373 96378->96166 96379->96166 96380->96140 96381->96154 96382->96154 96383->96154 96384->96171 96385->96180 96386->96154 96388 887522 96387->96388 96389 887525 96387->96389 96410 8edbbe lstrlenW 96388->96410 96390 88755b 96389->96390 96391 88752d 96389->96391 96393 8c50f6 96390->96393 96396 88756d 96390->96396 96402 8c500f 96390->96402 96415 8a51c6 26 API calls 96391->96415 96418 8a5183 26 API calls 96393->96418 96394 88753d 96401 89fddb 22 API calls 96394->96401 96416 89fb21 51 API calls 96396->96416 96398 8c5088 96417 89fb21 51 API calls 96398->96417 96399 8c510e 96399->96399 96403 887547 96401->96403 
96402->96398 96405 89fe0b 22 API calls 96402->96405 96404 889cb3 22 API calls 96403->96404 96404->96388 96407 8c5058 96405->96407 96406 89fddb 22 API calls 96408 8c507f 96406->96408 96407->96406 96409 889cb3 22 API calls 96408->96409 96409->96398 96411 8edbdc GetFileAttributesW 96410->96411 96412 8edc06 96410->96412 96411->96412 96413 8edbe8 FindFirstFileW 96411->96413 96412->96341 96413->96412 96414 8edbf9 FindClose 96413->96414 96414->96412 96415->96394 96416->96394 96417->96393 96418->96399 96420 88b578 96419->96420 96421 88b57f 96419->96421 96420->96421 96424 8a62d1 39 API calls 96420->96424 96421->96344 96423 88b5c2 96423->96344 96424->96423 96426 88aceb 23 API calls 96425->96426 96427 912af3 96426->96427 96428 912b1d 96427->96428 96429 912aff 96427->96429 96430 886b57 22 API calls 96428->96430 96431 887510 53 API calls 96429->96431 96432 912b1b 96430->96432 96433 912b0c 96431->96433 96432->96351 96433->96432 96435 88a8c7 22 API calls __fread_nolock 96433->96435 96435->96432 96437 90b01d ___scrt_fastfail 96436->96437 96438 90b094 96437->96438 96439 90b058 96437->96439 96442 88b567 39 API calls 96438->96442 96446 90b08b 96438->96446 96440 88b567 39 API calls 96439->96440 96443 90b063 96440->96443 96441 90b0ed 96444 887510 53 API calls 96441->96444 96445 90b0a5 96442->96445 96443->96446 96450 88b567 39 API calls 96443->96450 96448 90b10b 96444->96448 96449 88b567 39 API calls 96445->96449 96446->96441 96447 88b567 39 API calls 96446->96447 96447->96441 96527 887620 96448->96527 96449->96446 96451 90b078 96450->96451 96453 88b567 39 API calls 96451->96453 96453->96446 96454 90b115 96455 90b1d8 96454->96455 96456 90b11f 96454->96456 96457 90b20a GetCurrentDirectoryW 96455->96457 96459 887510 53 API calls 96455->96459 96458 887510 53 API calls 96456->96458 96460 89fe0b 22 API calls 96457->96460 96461 90b130 96458->96461 96462 90b1ef 96459->96462 96463 90b22f GetCurrentDirectoryW 96460->96463 96464 887620 22 API calls 96461->96464 96465 887620 22 API calls 
[Execution graph: the original page renders this as an interactive call graph; its node/edge list is not reproduced. API-bearing nodes recoverable from it, grouped by the subroutine they sit in:
• 90b13a..90b4d2: 90b1a6 and 90b1cb GetSystemDirectoryW, 90b39a CreateProcessW, 90b3d6 GetLastError, CloseHandle at 90b42f, 90b446, 90b458, 90b46a and 90b4d2; the 8f030f..8f0362 helper it reaches closes six more handles (CloseHandle)
• 881410..8c2627 (cleanup path): 8c24b8 DestroyWindow, 88144f mciSendStringW, 8816d5 UnregisterHotKey, 886246 CloseHandle, 8c24e2 FindClose, 8c251c FreeLibrary, 8c2541 VirtualFree, 8814f8 CoUninitialize, 881944 VirtualFreeEx CloseHandle, 881876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject
• 8842de..8c3828 (OS version and architecture probe): 8842f5 GetVersionExW, 88441b GetCurrentProcess IsWow64Process, 88444f LoadLibraryA, 884460 GetProcAddress, 884470 GetNativeSystemInfo, 88447a FreeLibrary, 88449c and 8c3824 GetSystemInfo
• CRT startup and termination (8a03fb..8b513e, 8a4e52..8a4d1e): 8a083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter (___scrt_fastfail), 8a0698 and 8a0a97 IsProcessorFeaturePresent, 8a0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess, 8a096c GetStartupInfoW, 8a0992 and 8a4d29 GetModuleHandleW, 8a4d6d GetModuleHandleExW, 8a4d97 GetProcAddress, 8a4dc0 FreeLibrary, 8a4cf6 GetPEB, 8a4d06 GetCurrentProcess TerminateProcess, 8a4d1e ExitProcess, 8b4b45 GetStdHandle GetFileType, 8b2f5e EnterCriticalSection, LeaveCriticalSection at 8b4c48, 8b513e, 8b1ed5 and 8b2fa6
• Registry and path helpers: 883556 and 883b30 RegOpenKeyExW, 8c3176, 8c31b7 and 883b4a RegQueryValueExW, 8c320c and 883b80 RegCloseKey, 883364 GetFullPathNameW
• Thread synchronisation: 8a0242 EnterCriticalSection LeaveCriticalSection WaitForSingleObjectEx, 8a01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent (__Init_thread_footer)
• Window procedure and tray icon (883156..8ec276): 8831d0 DefWindowProcW, 883265 PostQuitMessage, 88321d SetTimer RegisterWindowMessageW, 883246 CreatePopupMenu, 883201 KillTimer, 8830f2 and 8ec251 Shell_NotifyIconW, 8c2dd7 MoveWindow, 8c2dc6 SetFocus, 883c50 DeleteObject DestroyWindow, 8ec25f KillTimer SetTimer
• String helpers: 88ae09 CharUpperBuffW, 8a63b2 GetStringTypeW (_strftime)
• Opaque subroutines summarised only by call count: 881f6f, 891310, 8901e0 and 88bf40 (348 API calls each), 8e1201 (128), 884ecb (94), 8f359c (82, __wsopen_s), 8f2cf9 (80), 884f39 (68)]

Control-flow Graph
[Basic-block graph of 8842de, rendered interactively on the original page; the edge list is not reproduced. Blocks that carry API calls: 8842de-88434d (call 88a961, GetVersionExW, call 886b57) -> 88435d-8843bc (call 8893b2, call 8837a0); 88441b-884435 (GetCurrentProcess, IsWow64Process) -> 88443d-884449, which branches either to 8c3824-8c3828 (GetSystemInfo) or to 88444f-88445e (LoadLibraryA) -> 884460-88446e (GetProcAddress) -> 884470-884474 (GetNativeSystemInfo); when LoadLibraryA or GetProcAddress returns NULL the path goes to 88449c-8844a6 (GetSystemInfo) instead; both join at 884476-884478, which leads to 88447a-88447b (FreeLibrary) or straight to the return blocks.]
APIs
• GetVersionExW.KERNEL32(?), ref: 0088430D
  • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
• GetCurrentProcess.KERNEL32(?,0091CB64,00000000,?,?), ref: 00884422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00884429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00884454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00884466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00884474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0088447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 008844A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: d62a8f1533483c2def36b5203ff04d5c4dc630bdd52fd6971769541f610e5e74
• Instruction ID: c60c7a29d59642046ac10e4b8a27d1e7bd921e529f99146a81c5dc1ee721f27f
• Opcode Fuzzy Hash: d62a8f1533483c2def36b5203ff04d5c4dc630bdd52fd6971769541f610e5e74
• Instruction Fuzzy Hash: 56A1A26293E3C4DFC711E76BBC617957FA4BF3634AB0898ADE041D3A21D2304949EB25

Control-flow Graph
[Basic-block graph of 8842a2, rendered interactively on the original page; the edge list is not reproduced. The blocks form one chain, 8842a2-8842ba (CreateStreamOnHGlobal) -> 8842bc-8842d3 (FindResourceExW) -> 8c35ba-8c35c9 (LoadResource) -> 8c35cf-8c35dd (SizeofResource) -> 8c35e3-8c35ee (LockResource) -> 8c35f4-8c3612. A failed CreateStreamOnHGlobal goes straight to the return block 8842da-8842dd; every later failed check falls through to 8842d9 and then to 8842da-8842dd.]
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008850AA,?,?,00000000,00000000), ref: 008842B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008850AA,?,?,00000000,00000000), ref: 008842C9
• LoadResource.KERNEL32(?,00000000,?,?,008850AA,?,?,00000000,00000000,?,?,?,?,?,?,00884F20), ref: 008C35BE
• SizeofResource.KERNEL32(?,00000000,?,?,008850AA,?,?,00000000,00000000,?,?,?,?,?,?,00884F20), ref: 008C35D3
• LockResource.KERNEL32(008850AA,?,?,008850AA,?,?,00000000,00000000,?,?,?,?,?,?,00884F20,?), ref: 008C35E6
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                  • String ID: SCRIPT
                                                                                                                                                                                                                                                  • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                  • Opcode ID: 5158cd7bd6dba36957cf76ffc89763180ce4e7852ea8650f1f6663fa87c67b49
                                                                                                                                                                                                                                                  • Instruction ID: 0f6b70d8adbd806d4d2808e26776a23d8bde5604fca422951474a8d8932bea12
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5158cd7bd6dba36957cf76ffc89763180ce4e7852ea8650f1f6663fa87c67b49
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4011ACB1344305BFD7219B65DC48F677BB9FBC9B55F108569B412C6250DBB2D800D620

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00882B6B
  • Part of subcall function 00883A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00951418,?,00882E7F,?,?,?,00000000), ref: 00883A78
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00942224), ref: 008C2C10
• ShellExecuteW.SHELL32(00000000,?,?,00942224), ref: 008C2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 0f02a7378bd4ce07f5dbc668e5b19c010b555638358dc21db92bd9fb58720b96
• Instruction ID: dc1fb6bd80b61490537ea2a46cea31fd0e3106122316bf3dc148349d8cf0aeb1
• Opcode Fuzzy Hash: 0f02a7378bd4ce07f5dbc668e5b19c010b555638358dc21db92bd9fb58720b96
• Instruction Fuzzy Hash: 9C11BE31208305AAC715FF68E852EBEB7A4FB95765F48142DF082D21E2CF218A4AD713

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 008ED501
• Process32FirstW.KERNEL32(00000000,?), ref: 008ED50F
• Process32NextW.KERNEL32(00000000,?), ref: 008ED52F
• CloseHandle.KERNELBASE(00000000), ref: 008ED5DC
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: bd3e66cc4eb8f3a7eac7e4e6186f9f15283bef2deaf6b01aa3e9ec3bea638696
• Instruction ID: 0e086edd5fd0ddbb527797945510f3851dae77ea575c645418fe20939e747469
• Opcode Fuzzy Hash: bd3e66cc4eb8f3a7eac7e4e6186f9f15283bef2deaf6b01aa3e9ec3bea638696
• Instruction Fuzzy Hash: E6317E71108341AFD304EF58C885AAFBBE8FF99354F14092DF581D61A1EB71AA49CB93

Control-flow Graph

Control-flow graph (image not captured; recovered basic blocks): 8edbbe-8edbda lstrlenW; 8edbdc-8edbe6 GetFileAttributesW; 8edbe8-8edbf7 FindFirstFileW; 8edbf9-8edc04 FindClose; 8edc06; 8edc09-8edc0d
APIs
• lstrlenW.KERNEL32(?,008C5222), ref: 008EDBCE
• GetFileAttributesW.KERNELBASE(?), ref: 008EDBDD
• FindFirstFileW.KERNEL32(?,?), ref: 008EDBEE
• FindClose.KERNEL32(00000000), ref: 008EDBFA
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 5bfa242c1e36fa97c58a67d227672a03bf7df5d7cbff8534b0954c3a5da79bf4
• Instruction ID: fe7ac88ffb42ac122eddb7dba32326c2316d53c2390438353bbeca957e99ca59
• Opcode Fuzzy Hash: 5bfa242c1e36fa97c58a67d227672a03bf7df5d7cbff8534b0954c3a5da79bf4
• Instruction Fuzzy Hash: 4CF0EC704686145782206B7C9C0D4EA376CEF03374B208702F435C11F0EBB09D58D5D6
APIs
• GetCurrentProcess.KERNEL32(008B28E9,?,008A4CBE,008B28E9,009488B8,0000000C,008A4E15,008B28E9,00000002,00000000,?,008B28E9), ref: 008A4D09
• TerminateProcess.KERNEL32(00000000,?,008A4CBE,008B28E9,009488B8,0000000C,008A4E15,008B28E9,00000002,00000000,?,008B28E9), ref: 008A4D10
• ExitProcess.KERNEL32 ref: 008A4D22
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1703294689-0

Control-flow Graph
APIs
• _wcslen.LIBCMT ref: 0090B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0090B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0090B1D4
• _wcslen.LIBCMT ref: 0090B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0090B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0090B236
• _wcslen.LIBCMT ref: 0090B332
  • Part of subcall function 008F05A7: GetStdHandle.KERNEL32(000000F6), ref: 008F05C6
• _wcslen.LIBCMT ref: 0090B34B
• _wcslen.LIBCMT ref: 0090B366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0090B3B6
• GetLastError.KERNEL32(00000000), ref: 0090B407
• CloseHandle.KERNEL32(?), ref: 0090B439
• CloseHandle.KERNEL32(00000000), ref: 0090B44A
• CloseHandle.KERNEL32(00000000), ref: 0090B45C
• CloseHandle.KERNEL32(00000000), ref: 0090B46E
• CloseHandle.KERNEL32(?), ref: 0090B4E3
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
APIs
• GetInputState.USER32 ref: 0088D807
• timeGetTime.WINMM ref: 0088DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0088DB28
• TranslateMessage.USER32(?), ref: 0088DB7B
• DispatchMessageW.USER32(?), ref: 0088DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0088DB9F
• Sleep.KERNELBASE(0000000A), ref: 0088DBB1
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00882D07
• RegisterClassExW.USER32(00000030), ref: 00882D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00882D42
• InitCommonControlsEx.COMCTL32(?), ref: 00882D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00882D6F
• LoadIconW.USER32(000000A9), ref: 00882D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00882D94
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                  • Opcode ID: 24b51536be07406fe832f1b2b30246bce656d7d829a97fe9934dc9edfaee302d
                                                                                                                                                                                                                                                  • Instruction ID: cc8700d5c8826271a28463271080ea3b78c7ac9e5666311dca1e63aa0d47bc6d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24b51536be07406fe832f1b2b30246bce656d7d829a97fe9934dc9edfaee302d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5921C4B5E65318AFDB00DFA5EC59BDDBBB4FB08701F00811AF511A62A0D7B14644EF91

Control-flow Graph

APIs
• Part of subcall function 008C039A: CreateFileW.KERNELBASE(00000000,00000000,?,008C0704,?,?,00000000,?,008C0704,00000000,0000000C), ref: 008C03B7
• GetLastError.KERNEL32 ref: 008C076F
• __dosmaperr.LIBCMT ref: 008C0776
• GetFileType.KERNELBASE(00000000), ref: 008C0782
• GetLastError.KERNEL32 ref: 008C078C
• __dosmaperr.LIBCMT ref: 008C0795
• CloseHandle.KERNEL32(00000000), ref: 008C07B5
• CloseHandle.KERNEL32(?), ref: 008C08FF
• GetLastError.KERNEL32 ref: 008C0931
• __dosmaperr.LIBCMT ref: 008C0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: a4ca73ce52290f3eaf8f7840d7306f6e38f74663e7a883f787736691f1946e8c
• Instruction ID: bfe13d1c4eca2de7f6b11fac5cfed073e40d9628dd19359993c5b3e9c8141c39
• Opcode Fuzzy Hash: a4ca73ce52290f3eaf8f7840d7306f6e38f74663e7a883f787736691f1946e8c
• Instruction Fuzzy Hash: 74A10132A142088FDF19AFA8D851BAE3BB0FB4A364F14415DF811DB292D731D912DF92

Control-flow Graph

APIs
• Part of subcall function 00883A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00951418,?,00882E7F,?,?,?,00000000), ref: 00883A78
• Part of subcall function 00883357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00883379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0088356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008C318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008C31CE
• RegCloseKey.ADVAPI32(?), ref: 008C3210
• _wcslen.LIBCMT ref: 008C3277
• _wcslen.LIBCMT ref: 008C3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 0577bf6a123fe911a69ee93516c677b80e9c5c01a76386b36638e12bd0a69e68
• Instruction ID: ef878ea75e2d1aed095ce3e340f9f286a2faed59e060869f9b955bb7923d6416
• Opcode Fuzzy Hash: 0577bf6a123fe911a69ee93516c677b80e9c5c01a76386b36638e12bd0a69e68
• Instruction Fuzzy Hash: 3D717F715183019EC714EF6AEC819ABBBE8FF86B41F40442EF545D71A0EB30DA49DB52

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00882B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00882B9D
• LoadIconW.USER32(00000063), ref: 00882BB3
• LoadIconW.USER32(000000A4), ref: 00882BC5
• LoadIconW.USER32(000000A2), ref: 00882BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00882BEF
• RegisterClassExW.USER32(?), ref: 00882C40
• Part of subcall function 00882CD4: GetSysColorBrush.USER32(0000000F), ref: 00882D07
• Part of subcall function 00882CD4: RegisterClassExW.USER32(00000030), ref: 00882D31
• Part of subcall function 00882CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00882D42
• Part of subcall function 00882CD4: InitCommonControlsEx.COMCTL32(?), ref: 00882D5F
• Part of subcall function 00882CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00882D6F
• Part of subcall function 00882CD4: LoadIconW.USER32(000000A9), ref: 00882D85
• Part of subcall function 00882CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00882D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: eb55fb7a55786c3bf3fc5813622340c88480822fbadde941128e4f0ffc60b175
• Instruction ID: af5270951c1c09eb049e6fc5a1dc2a938bf28d465a5477b909df4a8d6858e11a
• Opcode Fuzzy Hash: eb55fb7a55786c3bf3fc5813622340c88480822fbadde941128e4f0ffc60b175
• Instruction Fuzzy Hash: A1216FB4E68318AFDB109FA6EC65BED7FB4FB08B51F00415AF500A66A0D3B10940EF90

Control-flow Graph (graph image not reproduced; nodes are marked Executed / Not Executed)
                                                                                                                                                                                                                                                  control_flow_graph 598 883170-883185 599 8831e5-8831e7 598->599 600 883187-88318a 598->600 599->600 601 8831e9 599->601 602 8831eb 600->602 603 88318c-883193 600->603 606 8831d0-8831d8 DefWindowProcW 601->606 607 8c2dfb-8c2e23 call 8818e2 call 89e499 602->607 608 8831f1-8831f6 602->608 604 883199-88319e 603->604 605 883265-88326d PostQuitMessage 603->605 610 8c2e7c-8c2e90 call 8ebf30 604->610 611 8831a4-8831a8 604->611 613 883219-88321b 605->613 612 8831de-8831e4 606->612 641 8c2e28-8c2e2f 607->641 614 8831f8-8831fb 608->614 615 88321d-883244 SetTimer RegisterWindowMessageW 608->615 610->613 635 8c2e96 610->635 617 8c2e68-8c2e72 call 8ec161 611->617 618 8831ae-8831b3 611->618 613->612 621 8c2d9c-8c2d9f 614->621 622 883201-88320f KillTimer call 8830f2 614->622 615->613 619 883246-883251 CreatePopupMenu 615->619 631 8c2e77 617->631 625 8c2e4d-8c2e54 618->625 626 8831b9-8831be 618->626 619->613 628 8c2dd7-8c2df6 MoveWindow 621->628 629 8c2da1-8c2da5 621->629 639 883214 call 883c50 622->639 625->606 638 8c2e5a-8c2e63 call 8e0ad7 625->638 633 883253-883263 call 88326f 626->633 634 8831c4-8831ca 626->634 628->613 636 8c2dc6-8c2dd2 SetFocus 629->636 637 8c2da7-8c2daa 629->637 631->613 633->613 634->606 634->641 635->606 636->613 637->634 642 8c2db0-8c2dc1 call 8818e2 637->642 638->606 639->613 641->606 646 8c2e35-8c2e48 call 8830f2 call 883837 641->646 642->613 646->606
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0088316A,?,?), ref: 008831D8
                                                                                                                                                                                                                                                  • KillTimer.USER32(?,00000001,?,?,?,?,?,0088316A,?,?), ref: 00883204
                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00883227
                                                                                                                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0088316A,?,?), ref: 00883232
                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00883246
                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00883267
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                                                                                                                                  • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                  • Opcode ID: 63434b8802e2162f7cbd4d951a46fd1c5b8475fd58e0d894ed52974548dfc8f0
                                                                                                                                                                                                                                                  • Instruction ID: bc6a3ee169db6775082a526c2adeddc5f9a0124885637c58f5a91dfb7f614a70
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63434b8802e2162f7cbd4d951a46fd1c5b8475fd58e0d894ed52974548dfc8f0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15412735258308A7DB257B78AC1DBBD3A69F705F06F044125F902C52E2CBB09A40E762

Control-flow Graph (graph image not reproduced; nodes are marked Executed / Not Executed)
control_flow_graph 654 881410-881449 655 8c24b8-8c24b9 DestroyWindow 654->655 656 88144f-881465 mciSendStringW 654->656 659 8c24c4-8c24d1 655->659 657 88146b-881473 656->657 658 8816c6-8816d3 656->658 657->659 660 881479-881488 call 88182e 657->660 661 8816f8-8816ff 658->661 662 8816d5-8816f0 UnregisterHotKey 658->662 663 8c2500-8c2507 659->663 664 8c24d3-8c24d6 659->664 675 8c250e-8c251a 660->675 676 88148e-881496 660->676 661->657 667 881705 661->667 662->661 666 8816f2-8816f3 call 8810d0 662->666 663->659 672 8c2509 663->672 668 8c24d8-8c24e0 call 886246 664->668 669 8c24e2-8c24e5 FindClose 664->669 666->661 667->658 674 8c24eb-8c24f8 668->674 669->674 672->675 674->663 680 8c24fa-8c24fb call 8f32b1 674->680 677 8c251c-8c251e FreeLibrary 675->677 678 8c2524-8c252b 675->678 681 88149c-8814c1 call 88cfa0 676->681 682 8c2532-8c253f 676->682 677->678 678->675 683 8c252d 678->683 680->663 692 8814f8-881503 CoUninitialize 681->692 693 8814c3 681->693 684 8c2566-8c256d 682->684 685 8c2541-8c255e VirtualFree 682->685 683->682 684->682 689 8c256f 684->689 685->684 688 8c2560-8c2561 call 8f3317 685->688 688->684 696 8c2574-8c2578 689->696 695 881509-88150e 692->695 692->696 694 8814c6-8814f6 call 881a05 call 8819ae 693->694 694->692 698 8c2589-8c2596 call 8f32eb 695->698 699 881514-88151e 695->699 696->695 700 8c257e-8c2584 696->700 712 8c2598 698->712 703 881524-8815a5 call 88988f call 881944 call 8817d5 call 89fe14 call 88177c call 88988f call 88cfa0 call 8817fe call 89fe14 699->703 704 881707-881714 call 89f80e 699->704 700->695 716 8c259d-8c25bf call 89fdcd 703->716 744 8815ab-8815cf call 89fe14 703->744 704->703 714 88171a 704->714 712->716 714->704 722 8c25c1 716->722 726 8c25c6-8c25e8 call 89fdcd 722->726 732 8c25ea 726->732 734 8c25ef-8c2611 call 89fdcd 732->734 740 8c2613 734->740 743 8c2618-8c2625 call 8e64d4 740->743 749 8c2627 743->749 744->726 750 8815d5-8815f9 call 89fe14 744->750 753 8c262c-8c2639 call 89ac64 749->753 750->734 754 8815ff-881619 call 89fe14 750->754 759 8c263b 753->759 754->743 760 88161f-881643 call 8817d5 call 89fe14 754->760 762 8c2640-8c264d call 8f3245 759->762 760->753 769 881649-881651 760->769 767 8c264f 762->767 770 8c2654-8c2661 call 8f32cc 767->770 769->762 771 881657-881675 call 88988f call 88190a 769->771 776 8c2663 770->776 771->770 780 88167b-881689 771->780 779 8c2668-8c2675 call 8f32cc 776->779 786 8c2677 779->786 780->779 781 88168f-8816c5 call 88988f * 3 call 881876 780->781 786->786
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00881459
                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE ref: 008814F8
                                                                                                                                                                                                                                                  • UnregisterHotKey.USER32(?), ref: 008816DD
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 008C24B9
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 008C251E
                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 008C254B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                  • String ID: close all
                                                                                                                                                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                  • Opcode ID: 854e944bfc45150e5ac076b85035a3b310671e050f3492f4a9e498049d57d184
                                                                                                                                                                                                                                                  • Instruction ID: f13a35e9271b8a475c256355eec35a48025a35b0ac3d8a6fe79fe01e36624dcf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 854e944bfc45150e5ac076b85035a3b310671e050f3492f4a9e498049d57d184
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AD113717012128BCB29EF19C899E69F7A4FF05714F1442ADE54AEB292DB30ED12CF51

Control-flow Graph (graph image not reproduced; nodes are marked Executed / Not Executed)
                                                                                                                                                                                                                                                  control_flow_graph 803 882c63-882cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00882C91
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00882CB2
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00881CAD,?), ref: 00882CC6
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00881CAD,?), ref: 00882CCF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$CreateShow
                                                                                                                                                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                  • Opcode ID: 1003a25a081451e6539d06d4bc934639b9ce5211156f9066a485d26bf196fa29
                                                                                                                                                                                                                                                  • Instruction ID: cf46db15b523e638dfb985015c25a4aa9f62fc3352821d3ef64daaec5f796173
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1003a25a081451e6539d06d4bc934639b9ce5211156f9066a485d26bf196fa29
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87F03AB56A53947AEB300713AC18FB72EBDD7C6F61F01401AF900A21B0C2710840EBB0

Control-flow Graph (graph image not reproduced; nodes are marked Executed / Not Executed)
                                                                                                                                                                                                                                                  control_flow_graph 954 883b1c-883b27 955 883b99-883b9b 954->955 956 883b29-883b2e 954->956 957 883b8c-883b8f 955->957 956->955 958 883b30-883b48 RegOpenKeyExW 956->958 958->955 959 883b4a-883b69 RegQueryValueExW 958->959 960 883b6b-883b76 959->960 961 883b80-883b8b RegCloseKey 959->961 962 883b78-883b7a 960->962 963 883b90-883b97 960->963 961->957 964 883b7e 962->964 963->964 964->961
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00883B0F,SwapMouseButtons,00000004,?), ref: 00883B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00883B0F,SwapMouseButtons,00000004,?), ref: 00883B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00883B0F,SwapMouseButtons,00000004,?), ref: 00883B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 7474fa0dcbb12aa6cce67d9f7524ede0d804ccac604ec1ffb3d6b0bd3193b6b8
• Instruction ID: e032a7eb7584eac7938e95a5ec572ad06d466b03e25b951d9781c21c97db7dc1
• Opcode Fuzzy Hash: 7474fa0dcbb12aa6cce67d9f7524ede0d804ccac604ec1ffb3d6b0bd3193b6b8
• Instruction Fuzzy Hash: AB112AB5620208FFDB20DFA5DC44AEEB7B8FF05B94B108459A805D7110E2319F40A760
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008C33A2
  • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00883A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 81ff6135e333ae1d919143afd8e1a04b38e9da0ee446be89bec722314cdac691
• Instruction ID: 92dda882688d04adc7145cbff82025f1e33aedf60e303c42edd4478c303ad8b7
• Opcode Fuzzy Hash: 81ff6135e333ae1d919143afd8e1a04b38e9da0ee446be89bec722314cdac691
• Instruction Fuzzy Hash: 3231CE71518304AAD725FB28EC45BEBB7E8FB81B14F00492AF599D2191EB709A49C7C3
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 008A0668
  • Part of subcall function 008A32A4: RaiseException.KERNEL32(?,?,?,008A068A,?,00951444,?,?,?,?,?,?,008A068A,00881129,00948738,00881129), ref: 008A3304
• __CxxThrowException@8.LIBVCRUNTIME ref: 008A0685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 1faea02e25444cf5ab38ab557d57975b7f81c1e7fda9265212350de9cd65a11b
• Instruction ID: 00b63258e11765e73b51b0fc0949697ae677703169afc284603087a7fd438027
• Opcode Fuzzy Hash: 1faea02e25444cf5ab38ab557d57975b7f81c1e7fda9265212350de9cd65a11b
• Instruction Fuzzy Hash: 11F0FF3490030C639F04B6A8D846D9E776CFE42358B604030B914D2C92EF70EA25CA82
APIs
  • Part of subcall function 00881BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00881BF4
  • Part of subcall function 00881BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00881BFC
  • Part of subcall function 00881BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00881C07
  • Part of subcall function 00881BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00881C12
  • Part of subcall function 00881BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00881C1A
  • Part of subcall function 00881BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00881C22
  • Part of subcall function 00881B4A: RegisterWindowMessageW.USER32(00000004,?,008812C4), ref: 00881BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0088136A
• OleInitialize.OLE32 ref: 00881388
• CloseHandle.KERNEL32(00000000,00000000), ref: 008C24AB
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 3a2cc49636f23ca50479789f473d357950d302fa14a00daf97dbfaa9ae17cf0a
• Instruction ID: 642e690e563de54df476ee924941194e091bdb2244f2cfd8e9fe0c508a431f78
• Opcode Fuzzy Hash: 3a2cc49636f23ca50479789f473d357950d302fa14a00daf97dbfaa9ae17cf0a
• Instruction Fuzzy Hash: A571BCB49293008FC798EF7FA9457953AE4FB88346754862AE51AC7371FB304846EF41
APIs
  • Part of subcall function 00883923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00883A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008EC259
• KillTimer.USER32(?,00000001,?,?), ref: 008EC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008EC270
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 8025cee67d9dd35cf2abee5a53264f508942cffaaf06742d607948bf95480b98
                                                                                                                                                                                                                                                  • Instruction ID: 43ee7fbccd3cc35be707a373de39c42b349d8bc0de0fd62393f9c371c2843cc5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8025cee67d9dd35cf2abee5a53264f508942cffaaf06742d607948bf95480b98
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7318470904384AFEB229F658855BE6BBECEB07308F00449AD69AD7241C7745A85DB51
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,008B85CC,?,00948CC8,0000000C), ref: 008B8704
• GetLastError.KERNEL32(?,008B85CC,?,00948CC8,0000000C), ref: 008B870E
• __dosmaperr.LIBCMT ref: 008B8739
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 28732caee981ebeb5f82ee2e128be70c6fb5a9fbf2a919c22b21cda821d7567b
• Instruction ID: 9e5f18822a16487e500430168606a4d7d75d0871dd8f01446107c857cd40b58c
• Opcode Fuzzy Hash: 28732caee981ebeb5f82ee2e128be70c6fb5a9fbf2a919c22b21cda821d7567b
• Instruction Fuzzy Hash: C2016B32608320A6D6647238A8497FF2B8DEBA7778F380119F814CB3D2DEA08C85C251
APIs
• TranslateMessage.USER32(?), ref: 0088DB7B
• DispatchMessageW.USER32(?), ref: 0088DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0088DB9F
• Sleep.KERNELBASE(0000000A), ref: 0088DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 008D1CC9
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 09d0508acf213363a52894f1c6da2dc3e6d48a83c8e9a1d5f90fff94b062a4b8
• Instruction ID: 016c64167f64ea2d982cbe52beeb07d81d59dfb765ec0e58ba6ed6ed0e9c82fb
• Opcode Fuzzy Hash: 09d0508acf213363a52894f1c6da2dc3e6d48a83c8e9a1d5f90fff94b062a4b8
• Instruction Fuzzy Hash: F3F05E70668340ABEB30DB618C49FEA73A9FF44311F108A19E60AC30C0DB70A488DB15
APIs
• __Init_thread_footer.LIBCMT ref: 008917F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: de78a15285c328b84415a7287387521e0d09ed3ee847238b076e044e9e5a6c22
• Instruction ID: 40e4c69cba103cda3eb385e9cb3f19c4fa41de59f501a4ce849a64aa3ae558a4
• Opcode Fuzzy Hash: de78a15285c328b84415a7287387521e0d09ed3ee847238b076e044e9e5a6c22
• Instruction Fuzzy Hash: EB226B706082069FCB14EF18C484A2ABBF1FF89314F19896DF596CB362D771E855CB92
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 008C2C8C
  • Part of subcall function 00883AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00883A97,?,?,00882E7F,?,?,?,00000000), ref: 00883AC2
  • Part of subcall function 00882DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00882DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 26f4f6b232fec7e03dd76b4afa1db6298994d99c539a79ffcdbef8c7eeb08029
• Instruction ID: c4a2da87e8949b29f2a9767c930fe33ba0626726fe9ae371503169a1da45a62b
• Opcode Fuzzy Hash: 26f4f6b232fec7e03dd76b4afa1db6298994d99c539a79ffcdbef8c7eeb08029
• Instruction Fuzzy Hash: B121C371A102589FCF01EF98C849BEE7BF8FF49714F008059E405E7241DBB49A498B62
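The function listings on this page follow one fixed block layout (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity). The Python parser below is an added example, not Joe Sandbox code and not part of this report: it turns such blocks into records so that the Similarity fields (Instruction Fuzzy Hash, API ID) can be indexed and pivoted on across reports of related samples, and so that entries calling a given API can be pulled out directly. It assumes only the plain-text layout visible here; the sample input is a constructed excerpt of two entries copied from this page, with the "Download File" link label the export fuses onto Associated lines left in to show it being stripped.

```python
"""Parse Joe Sandbox per-function listings (APIs / Memory Dump Source /
Joe Sandbox IDA Plugin / Similarity blocks) into records for triage.

Added example, not Joe Sandbox code. It assumes the plain-text layout
seen in this report: a section header on its own line, then bullet
lines; subcall APIs carry a 'Part of subcall function XXXX:' prefix.
"""
import re
from dataclasses import dataclass, field

SECTION_NAMES = {"APIs", "Strings", "Memory Dump Source",
                 "Joe Sandbox IDA Plugin", "Similarity"}

# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR" (CRT helpers
# such as __dosmaperr.LIBCMT carry no argument list in the report).
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*?)\),)?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
KV_RE = re.compile(r"^(?P<key>[^:]+?):\s*(?P<val>.*)$")
LINK_RESIDUE = "Download File"  # link label fused onto 'Associated' lines by the export


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)     # dicts: name, module, args, ref, parent
    strings: list = field(default_factory=list)  # raw lines of the Strings section
    fields: dict = field(default_factory=dict)   # key/value lines of the other sections


def parse_entries(text):
    """Split report text into FunctionEntry records.

    'APIs' opens a new entry. A block whose 'APIs' header was cut off
    (the first block of a page fragment) is still captured, starting at
    its first remaining section header.
    """
    entries, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_NAMES:
            if line == "APIs" or cur is None:
                cur = FunctionEntry()
                entries.append(cur)
            section = line
            continue
        if cur is None:
            continue
        line = line.lstrip("•").strip()
        if line.endswith(LINK_RESIDUE):
            line = line[: -len(LINK_RESIDUE)].rstrip()
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                api = m.groupdict()
                api["args"] = api["args"].split(",") if api["args"] else []
                cur.apis.append(api)
        elif section == "Strings":
            cur.strings.append(line)
        else:
            m = KV_RE.match(line)
            if not m:
                continue
            key, val = m.group("key"), m.group("val")
            if key == "Associated":  # repeats once per associated dump
                cur.fields.setdefault(key, []).append(val)
            else:
                cur.fields[key] = val
    return entries


def entries_calling(entries, api_name):
    """Entries whose API list (direct or subcall) contains api_name."""
    return [e for e in entries if any(a["name"] == api_name for a in e.apis)]


def index_by(entries, key):
    """Group entries by a Similarity field such as 'Instruction Fuzzy Hash'
    or 'API ID', the values worth pivoting on across reports of related samples."""
    groups = {}
    for e in entries:
        val = e.fields.get(key)
        if val:
            groups.setdefault(val, []).append(e)
    return groups


# Constructed excerpt: two entries copied from this report and trimmed, with
# the 'Download File' residue left in place to show it being stripped.
SAMPLE = """\
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,008B85CC,?,00948CC8,0000000C), ref: 008B8704
• GetLastError.KERNEL32(?,008B85CC,?,00948CC8,0000000C), ref: 008B870E
• __dosmaperr.LIBCMT ref: 008B8739
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Instruction Fuzzy Hash: C2016B32608320A6D6647238A8497FF2B8DEBA7778F380119F814CB3D2DEA08C85C251
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 008C2C8C
  • Part of subcall function 00883AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000), ref: 00883AC2
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
"""

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print([a["name"] for a in e.apis], e.fields.get("Instruction Fuzzy Hash"))
```

Feed it the text of a whole report and `index_by(entries, "Instruction Fuzzy Hash")` gives the keys to compare against a second sample's report; a shared fuzzy hash across two samples is a stronger hint of shared code than a shared API name, since the API ID only records which imports a function touches.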
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00883908
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
                                                                                                                                                                                                                                                  • API String ID: 1144537725-0
                                                                                                                                                                                                                                                  • Opcode ID: 087c7537875f6ef1aed29f951aa64eccf569419f2452953fd8308e70f2f79b36
                                                                                                                                                                                                                                                  • Instruction ID: 6e8029acc99a5bbb99572c46208b2e1ba60b519bed98c81775a341dc8674d44c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 087c7537875f6ef1aed29f951aa64eccf569419f2452953fd8308e70f2f79b36
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C03191B06083019FD720EF25D894797BBE8FB49709F00092EF99AD3250E771AA44DB52
APIs
• timeGetTime.WINMM ref: 0089F661
  • Part of subcall function 0088D730: GetInputState.USER32 ref: 0088D807
• Sleep.KERNEL32(00000000), ref: 008DF2DE
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: 1c572d53cb359183fcf7c6b6128e1e339a3544b4fe6f5a4a6d8b0ea02873daf0
• Instruction ID: a25be7f285b835c634bc65145f554d7a62a5cbac09d062c9ee69eed44eb18c70
• Opcode Fuzzy Hash: 1c572d53cb359183fcf7c6b6128e1e339a3544b4fe6f5a4a6d8b0ea02873daf0
• Instruction Fuzzy Hash: 36F082712843059FD314FF69D445B5ABBE4FF45761F004029E859C73A1DB70B800CB91
APIs
  • Part of subcall function 00884E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00884EDD,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884E9C
  • Part of subcall function 00884E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00884EAE
  • Part of subcall function 00884E90: FreeLibrary.KERNEL32(00000000,?,?,00884EDD,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884EFD
  • Part of subcall function 00884E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008C3CDE,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884E62
  • Part of subcall function 00884E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00884E74
  • Part of subcall function 00884E59: FreeLibrary.KERNEL32(00000000,?,?,008C3CDE,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884E87
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 5cb913f15105cf838e85e36c05f0f67c1912bdce08b9ed613e160e5e2ad80528
• Instruction ID: 7d931574b49efa688b0c474d7c3c7d96dde3cd5612353a45d6f9e734065bde4b
• Opcode Fuzzy Hash: 5cb913f15105cf838e85e36c05f0f67c1912bdce08b9ed613e160e5e2ad80528
• Instruction Fuzzy Hash: 1311E332650206AADB24BF68DC02FAD77A5FF40714F10842EF642E61C1EE70DE459751
APIs
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: 27d9446163fbb182e01691068916ed9c9b46b39f111d48d9440925fdeb9291e5
• Instruction ID: 2238151445153cbfa06d58f5a572b2c0aca4301b5d5688a2dd261a682de0625f
• Opcode Fuzzy Hash: 27d9446163fbb182e01691068916ed9c9b46b39f111d48d9440925fdeb9291e5
• Instruction Fuzzy Hash: 0A11F57590420AEFCB05DF58E941ADA7BF9FF48314F104059F808EB312DA31DA15CBA5
APIs
  • Part of subcall function 008B4C7D: RtlAllocateHeap.NTDLL(00000008,00881129,00000000,?,008B2E29,00000001,00000364,?,?,?,008AF2DE,008B3863,00951444,?,0089FDF5,?), ref: 008B4CBE
• _free.LIBCMT ref: 008B506C
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
• Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: e7f9b20b27bf42c2c0c98e1274ea5d9f00fd8958927035f262fb3a168e5dbad5
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 27012672204B056BE321DE699881A9AFBE8FB89370F25051DE184C3380EA30A806C6B4
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                  • Instruction ID: 5b4df9388b642191c08c648c224625f9d3e0975d4d2ccc078e62504fce6380ff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EF0D132510A14A6E6313E6D8C09B9A379CFF63334F140F15F426D2AD2DA749806C6AA
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,00881129,00000000,?,008B2E29,00000001,00000364,?,?,?,008AF2DE,008B3863,00951444,?,0089FDF5,?), ref: 008B4CBE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: 7cef05842524357178144f94371692aa93a9919fa0b1067d272c6d6de5384564
                                                                                                                                                                                                                                                  • Instruction ID: e876cd3c1dafc6a09fd86eb1e6f63af9f65b61b6bdb1bccb60834c818c6358f0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cef05842524357178144f94371692aa93a9919fa0b1067d272c6d6de5384564
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9F0243120622867EB211F669C16BDA3F88FF81BA1B146121F819E6383CAB0DC0082E0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00951444,?,0089FDF5,?,?,0088A976,00000010,00951440,008813FC,?,008813C6,?,00881129), ref: 008B3852
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: c7ef6231cf9e61a5f14dc73eaf2a214d78e0cde3529c3b23033ed82a9a41366b
                                                                                                                                                                                                                                                  • Instruction ID: dbf0cb134de73e8141d98b2a1db4e33c61fd8124e82548575c89159cae94d7c1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7ef6231cf9e61a5f14dc73eaf2a214d78e0cde3529c3b23033ed82a9a41366b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2E0E53114422567EB2126AB9C00BDA3648FB827B0F060030BC14D2B91DBA0EE0182E3
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884F6D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                                                                                                  • Opcode ID: 3fd7a016c2d1eb3d460131ea484698cc80ce3f3976bdeddf3644ee5c5600bfce
                                                                                                                                                                                                                                                  • Instruction ID: 1669959087c2c0666fb828d81290c945103dfe4758996db80f1a9e8eca317bac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fd7a016c2d1eb3d460131ea484698cc80ce3f3976bdeddf3644ee5c5600bfce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29F03072145752CFDB34AF64D490812B7E4FF143193159D7EE2DAC2511CB319844DF10
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 00912A66
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2353593579-0
                                                                                                                                                                                                                                                  • Opcode ID: 35ff09b96bf5d94b44d9fcfec9d8af1940b909744bce7a35f71547be68d8e10d
                                                                                                                                                                                                                                                  • Instruction ID: 283d7d9fd1e482366126d3e8dddd3c16fb6b7f36bf1287a337de197fd930ede9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35ff09b96bf5d94b44d9fcfec9d8af1940b909744bce7a35f71547be68d8e10d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E0DF3239421EAACB10FB34DC848FA734CEF11390710443AAC1AC2140DB34A9A182A0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0088314E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: ef935bbba7e07226c33fcfc16d0f5fa1ce7d7329546b0e6ab42573160cf15a53
• Instruction ID: 376cf6b15da249d8436c1a6d3f45ece9948dc6c327ab7195da83586287f29bef
• Opcode Fuzzy Hash: ef935bbba7e07226c33fcfc16d0f5fa1ce7d7329546b0e6ab42573160cf15a53
• Instruction Fuzzy Hash: A6F037709183149FEB529B24DC497D57BBCB701708F0000E5A548D6291D7745788CF51
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00882DC4
  • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: ae7858628f0be26b4416918ab6c4b81de9da0346f1519d2360121db22bfe9c9c
• Instruction ID: 9f6b8347e89106f9ff90c0e2f3fa0e5aaab76241a0e42043a99dc0a5732c2305
• Opcode Fuzzy Hash: ae7858628f0be26b4416918ab6c4b81de9da0346f1519d2360121db22bfe9c9c
• Instruction Fuzzy Hash: DFE0CD726042245BCB10A25C9C09FDA77EDEFC8790F044075FD09D7248D970ED80C651
APIs
  • Part of subcall function 00883837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00883908
  • Part of subcall function 0088D730: GetInputState.USER32 ref: 0088D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00882B6B
  • Part of subcall function 008830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0088314E
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 15bc1e404ea5a0341de99aad75aa6abb65d7f5e70db4d92c8048973ff9d874cc
• Instruction ID: 5dc35d25c066eb68223553724769aa995477cdf1299ebf6b677f627b112abd4e
• Opcode Fuzzy Hash: 15bc1e404ea5a0341de99aad75aa6abb65d7f5e70db4d92c8048973ff9d874cc
• Instruction Fuzzy Hash: 7AE0862130434506CA14BB7DA8525BDA759FBD5756F40153EF542C71B2CE2449498353
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,008C0704,?,?,00000000,?,008C0704,00000000,0000000C), ref: 008C03B7
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 413ce17e41e44b1fdd09f51b6e222c3adefe40586b4ad42ec04dbf39da488367
• Instruction ID: bd8407aa23ac3f9d43dac8fa90a6169907ed27c0570030836ca15ac616f99a1b
• Opcode Fuzzy Hash: 413ce17e41e44b1fdd09f51b6e222c3adefe40586b4ad42ec04dbf39da488367
• Instruction Fuzzy Hash: 13D06C3219410DBBDF028F84DD06EDA3BAAFB48714F018000BE1856020C732E821EB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00881CBC
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 0b0f9253642ed4f1d228144fbe124180923c7064a01b439bdd8fd22015bcdf62
• Instruction ID: d23b72e2465eece397870ca7cfc25e436473e11f75da6cbc0642f1d13edcca0b
• Opcode Fuzzy Hash: 0b0f9253642ed4f1d228144fbe124180923c7064a01b439bdd8fd22015bcdf62
• Instruction Fuzzy Hash: 41C092363EC304AFF3158B81BC5AF507765A348B02F048401F609A96F3D3B22820FB50
APIs
  • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0091961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0091965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0091969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009196C9
• SendMessageW.USER32 ref: 009196F2
• GetKeyState.USER32(00000011), ref: 0091978B
• GetKeyState.USER32(00000009), ref: 00919798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009197AE
• GetKeyState.USER32(00000010), ref: 009197B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009197E9
• SendMessageW.USER32 ref: 00919810
• SendMessageW.USER32(?,00001030,?,00917E95), ref: 00919918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0091992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00919941
• SetCapture.USER32(?), ref: 0091994A
• ClientToScreen.USER32(?,?), ref: 009199AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009199BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009199D6
• ReleaseCapture.USER32 ref: 009199E1
• GetCursorPos.USER32(?), ref: 00919A19
• ScreenToClient.USER32(?,?), ref: 00919A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00919A80
• SendMessageW.USER32 ref: 00919AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00919AEB
• SendMessageW.USER32 ref: 00919B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00919B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00919B4A
                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00919B68
                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00919B75
                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00919B93
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 00919BFA
                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00919C2B
                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00919C84
                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00919CB4
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00919CDE
                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00919D01
                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00919D4E
                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00919D82
                                                                                                                                                                                                                                                    • Part of subcall function 00899944: GetWindowLongW.USER32(?,000000EB), ref: 00899952
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00919E05
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                  • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                  • Opcode ID: 1fcd10ddd6a620430ecc9916e8393bc0e7a42f4dcc845c962393c2ce44dde869
                                                                                                                                                                                                                                                  • Instruction ID: 6af33ab8280cb012a7903e6ea95f4e9868d17a11f2b66a5de2a28b3c71ec8e9a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fcd10ddd6a620430ecc9916e8393bc0e7a42f4dcc845c962393c2ce44dde869
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E429F74308205EFD724CF28CC64BEABBE9FF89354F144619F59A872A1D7319890DB51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009148F3
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00914908
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00914927
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0091494B
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0091495C
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0091497B
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009149AE
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009149D4
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00914A0F
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00914A56
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00914A7E
                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00914A97
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00914AF2
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00914B20
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00914B94
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00914BE3
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00914C82
                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00914CAE
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00914CC9
                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 00914CF1
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00914D13
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00914D33
                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 00914D5A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                  • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                  • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                  • Opcode ID: 5231a17895a588206d1ca37868d4ababd213e3df57dd9f0dc66633e5d2698cb1
                                                                                                                                                                                                                                                  • Instruction ID: 68304dc62648aaca7ce1bff34a5e18e30226a069be42f61265d0c669b9a74230
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5231a17895a588206d1ca37868d4ababd213e3df57dd9f0dc66633e5d2698cb1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C12FC71744218ABEB249F28CC49FEE7BB8EF49710F144129F516EB2E1DB789981CB50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0089F998
                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008DF474
                                                                                                                                                                                                                                                  • IsIconic.USER32(00000000), ref: 008DF47D
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000009), ref: 008DF48A
                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 008DF494
                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008DF4AA
                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008DF4B1
                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008DF4BD
                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 008DF4CE
                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 008DF4D6
                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 008DF4DE
                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 008DF4E1
                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 008DF4F6
                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 008DF501
                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 008DF50B
                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 008DF510
                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 008DF519
                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 008DF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008DF528
• keybd_event.USER32(00000012,00000000), ref: 008DF52D
• SetForegroundWindow.USER32(00000000), ref: 008DF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 008DF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 6324c992390d0608fb4b0145d40ac11e64fd6afb2f29ada5a9c62d465e9cb73a
• Instruction ID: a139dea47367c4b1fa3b12578531ccfd47f459f3b1bf2b29271ea92d6bdf4ada
• Opcode Fuzzy Hash: 6324c992390d0608fb4b0145d40ac11e64fd6afb2f29ada5a9c62d465e9cb73a
• Instruction Fuzzy Hash: 3E313EB1B94218BAEB216BB55C4AFBF7F6DFB44B50F104066FA01E61D1C6B15900FAA0
APIs
  • Part of subcall function 008E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008E170D
  • Part of subcall function 008E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008E173A
  • Part of subcall function 008E16C3: GetLastError.KERNEL32 ref: 008E174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 008E1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008E12A8
• CloseHandle.KERNEL32(?), ref: 008E12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008E12D1
• GetProcessWindowStation.USER32 ref: 008E12EA
• SetProcessWindowStation.USER32(00000000), ref: 008E12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 008E1310
  • Part of subcall function 008E10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008E11FC), ref: 008E10D4
  • Part of subcall function 008E10BF: CloseHandle.KERNEL32(?,?,008E11FC), ref: 008E10E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: ee79e02038125a5608d30ada78c3d2032c3d234c9d40718f738685220a114037
• Instruction ID: 64913c85b6b3427f26d31d63703cfbd2b8a3e934b342ff1935e0a6cef8ec00cf
• Opcode Fuzzy Hash: ee79e02038125a5608d30ada78c3d2032c3d234c9d40718f738685220a114037
• Instruction Fuzzy Hash: DF81A2B1A40289AFDF119FA9DC49FEE7BBAFF05704F148119F911E62A0C7708944DB25
APIs
  • Part of subcall function 008E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008E1114
  • Part of subcall function 008E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E1120
  • Part of subcall function 008E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E112F
  • Part of subcall function 008E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E1136
  • Part of subcall function 008E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008E114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008E0BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008E0C00
• GetLengthSid.ADVAPI32(?), ref: 008E0C17
• GetAce.ADVAPI32(?,00000000,?), ref: 008E0C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008E0C6D
• GetLengthSid.ADVAPI32(?), ref: 008E0C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 008E0C8C
• HeapAlloc.KERNEL32(00000000), ref: 008E0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 008E0CB4
• CopySid.ADVAPI32(00000000), ref: 008E0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008E0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008E0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 008E0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E0D45
• HeapFree.KERNEL32(00000000), ref: 008E0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E0D55
• HeapFree.KERNEL32(00000000), ref: 008E0D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E0D65
• HeapFree.KERNEL32(00000000), ref: 008E0D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008E0D78
• HeapFree.KERNEL32(00000000), ref: 008E0D7F
  • Part of subcall function 008E1193: GetProcessHeap.KERNEL32(00000008,008E0BB1,?,00000000,?,008E0BB1,?), ref: 008E11A1
  • Part of subcall function 008E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008E0BB1,?), ref: 008E11A8
  • Part of subcall function 008E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008E0BB1,?), ref: 008E11B7
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: f3c8cbffba7feb0e871e394f437f3da05db10fe9fcc5b7836396f080120b1183
• Instruction ID: 60cb0d49568589157fdf6e828c8b7b31d16d029261214aa4c0772e1e77aedd2b
• Opcode Fuzzy Hash: f3c8cbffba7feb0e871e394f437f3da05db10fe9fcc5b7836396f080120b1183
• Instruction Fuzzy Hash: 4A719CB1A4424AEBDF10DFA5DC44BEEBBB8FF09300F148A15E914E6190D7B4A945CF60
APIs
• OpenClipboard.USER32(0091CC08), ref: 008FEB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 008FEB37
• GetClipboardData.USER32(0000000D), ref: 008FEB43
• CloseClipboard.USER32 ref: 008FEB4F
• GlobalLock.KERNEL32(00000000), ref: 008FEB87
• CloseClipboard.USER32 ref: 008FEB91
• GlobalUnlock.KERNEL32(00000000), ref: 008FEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 008FEBC9
• GetClipboardData.USER32(00000001), ref: 008FEBD1
• GlobalLock.KERNEL32(00000000), ref: 008FEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 008FEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 008FEC38
• GetClipboardData.USER32(0000000F), ref: 008FEC44
• GlobalLock.KERNEL32(00000000), ref: 008FEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 008FEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 008FEC94
                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 008FECD2
                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 008FECF3
                                                                                                                                                                                                                                                  • CountClipboardFormats.USER32 ref: 008FED14
                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 008FED59
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 420908878-0
                                                                                                                                                                                                                                                  • Opcode ID: 0a58f56ed3eba840ad1c68bb8f07244283471096640c951bd8ce83664365c94f
                                                                                                                                                                                                                                                  • Instruction ID: a7e39f02000d9df7f29aba5dd83aeddb775986a80c69fd140d6ba2cb725077e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a58f56ed3eba840ad1c68bb8f07244283471096640c951bd8ce83664365c94f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE61DC7420820AAFD300EF28C884F7A77A4FF84754F088519F596D72B2DB31E905DB62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 008F69BE
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F6A12
                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 008F6A4E
                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 008F6A75
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 008F6AB2
                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 008F6ADF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                  • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                  • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                  • Opcode ID: bd25bb415ae9705bb465217ef3148a044afaf65b2310e3a5a90d8e868269c468
                                                                                                                                                                                                                                                  • Instruction ID: 60c273012d6f5aa0b2f9a194c6a71dc210cd5c2acb9803b4b736de87fbbdd30e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd25bb415ae9705bb465217ef3148a044afaf65b2310e3a5a90d8e868269c468
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAD14BB2508304AAC714EBA8C981EBBB7E8FF98704F44491DF685D6191EB74DA44CB63
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008F9663
                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 008F96A1
                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 008F96BB
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 008F96D3
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F96DE
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 008F96FA
                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 008F974A
                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00946B7C), ref: 008F9768
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 008F9772
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F977F
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F978F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                  • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                  • Opcode ID: 82975adcf59ad7dbf617b487c833b21fa96ee0cc7b12faa279d478a53f74f18f
                                                                                                                                                                                                                                                  • Instruction ID: 18d791a861ab7f1cbda5de3f2e1f12595a2f2538af285b3f19d38b116788e829
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82975adcf59ad7dbf617b487c833b21fa96ee0cc7b12faa279d478a53f74f18f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A31E2B264421D6BDB10AFB4DC08BEE37ACEF49321F108455FA65E21A0EB34DD80CA10
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 008F97BE
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 008F9819
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F9824
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 008F9840
                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 008F9890
                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00946B7C), ref: 008F98AE
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 008F98B8
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F98C5
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008F98D5
                                                                                                                                                                                                                                                    • Part of subcall function 008EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008EDB00
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 79feca6af464418a11f6e4af8051096e6b1d3b326f3d54fcc85cf94fbe91842e
• Instruction ID: 0b205435426a79d0764a869ed7e7756e7b197f37e8e77d3c95d3712e9d9b2610
• Opcode Fuzzy Hash: 79feca6af464418a11f6e4af8051096e6b1d3b326f3d54fcc85cf94fbe91842e
• Instruction Fuzzy Hash: 7231F47165421D6AEB10EFB4DC48BEE37ACFF46364F108165F9A0E2190DB30DE85CA61
APIs
  • Part of subcall function 0090C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0090B6AE,?,?), ref: 0090C9B5
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090C9F1
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA68
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090BF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0090BFA9
• RegCloseKey.ADVAPI32(00000000), ref: 0090BFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0090C02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0090C0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0090C154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0090C1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0090C23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0090C2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0090C382
• RegCloseKey.ADVAPI32(00000000), ref: 0090C38F
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: 2262ea244c0d6f6afaa365ad2f1a88eacc9ff1bb612cb898d1546a1118c82552
• Instruction ID: 954d543c71fe80acf8f32543880ff52e6e4db6b7705ac86d6e3b97cd3f4543c3
• Opcode Fuzzy Hash: 2262ea244c0d6f6afaa365ad2f1a88eacc9ff1bb612cb898d1546a1118c82552
• Instruction Fuzzy Hash: C5023CB16042009FD714DF28C895E2ABBE9FF49314F18859DF84ADB2A2D731ED45CB52
APIs
• GetLocalTime.KERNEL32(?), ref: 008F8257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 008F8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008F8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 008F8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 008F8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 008F8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008F838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 008F8395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 6e83209ebea91c40ed1d76cc57842df4d5863f18b253ffa146ef19bc64f9f6f9
• Instruction ID: b160214f34cbf1d65fdd21c1020961b4f373835d5a3b51d423d9005ec74121b8
• Opcode Fuzzy Hash: 6e83209ebea91c40ed1d76cc57842df4d5863f18b253ffa146ef19bc64f9f6f9
• Instruction Fuzzy Hash: 5A615BB26083499FDB10EF64C8409AEB3E8FF89314F04891DFA99D7251DB31E945CB92
APIs
  • Part of subcall function 00883AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00883A97,?,?,00882E7F,?,?,?,00000000), ref: 00883AC2
  • Part of subcall function 008EE199: GetFileAttributesW.KERNEL32(?,008ECF95), ref: 008EE19A
• FindFirstFileW.KERNEL32(?,?), ref: 008ED122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 008ED1DD
• MoveFileW.KERNEL32(?,?), ref: 008ED1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 008ED20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008ED237
  • Part of subcall function 008ED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,008ED21C,?,?), ref: 008ED2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 008ED253
• FindClose.KERNEL32(00000000), ref: 008ED264
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 8fb369a4f1aaaa7c8f2f2e24577fde7564288ef14299312466d3d79049cc6939
• Instruction ID: 20c1bfdc1cba87fb61e1c9f941634c3c1889857b7b9b230025286875767abfe6
• Opcode Fuzzy Hash: 8fb369a4f1aaaa7c8f2f2e24577fde7564288ef14299312466d3d79049cc6939
• Instruction Fuzzy Hash: 4A61593180524D9ACF15EBE5CA529FDB775FF16300F244065E412B7191EB31AF09DB62
APIs
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 73db83fbd65abaa27cebc42676a7e257ea8ffdd1f01954076c7f119c3c079884
                                                                                                                                                                                                                                                  • Instruction ID: af93cf1f03a801063145a60ec959eef69a642268f5d98cfb6a9bad46fb7b29b8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73db83fbd65abaa27cebc42676a7e257ea8ffdd1f01954076c7f119c3c079884
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB41CE71208215AFE320DF29E888B69BBE1FF44358F14C499E565CBA72C775EC41CB90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008E170D
                                                                                                                                                                                                                                                    • Part of subcall function 008E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008E173A
                                                                                                                                                                                                                                                    • Part of subcall function 008E16C3: GetLastError.KERNEL32 ref: 008E174A
                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 008EE932
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                  • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                  • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                  • Opcode ID: 732711eb6f99e447d2ec0aab9e9e4e79d20bbb281f79ec81ec54b5fc715b42ba
                                                                                                                                                                                                                                                  • Instruction ID: f054dae0e090a0fa15572ed0f993aa17d5b23b9a21798aba15667a8f39df4217
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 732711eb6f99e447d2ec0aab9e9e4e79d20bbb281f79ec81ec54b5fc715b42ba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 530126B2B20255ABEB1476BA9C8AFFB769CF716744F144821F812E31D3E6B09C4481A0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00901276
                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00901283
                                                                                                                                                                                                                                                  • bind.WSOCK32(00000000,?,00000010), ref: 009012BA
                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 009012C5
                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 009012F4
                                                                                                                                                                                                                                                  • listen.WSOCK32(00000000,00000005), ref: 00901303
                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 0090130D
                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 0090133C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 540024437-0
                                                                                                                                                                                                                                                  • Opcode ID: 3c3a611e46f606a064392319ee6991eece25ebf6d4c8416fd13783bc6ed233f4
                                                                                                                                                                                                                                                  • Instruction ID: 8d20a75e795c19abaac7af6163a37fd8281ec501a3170234f64359b78703b00c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c3a611e46f606a064392319ee6991eece25ebf6d4c8416fd13783bc6ed233f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E4160716001009FD710DF68D589B69BBE5BF86318F188198E8669F2D6C771ED81CBE1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00883AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00883A97,?,?,00882E7F,?,?,?,00000000), ref: 00883AC2
                                                                                                                                                                                                                                                    • Part of subcall function 008EE199: GetFileAttributesW.KERNEL32(?,008ECF95), ref: 008EE19A
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 008ED420
                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 008ED470
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 008ED481
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008ED498
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008ED4A1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                  • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                  • Opcode ID: 70d8282767079a5b56d073024407a1f9d6032be184e2c527988275b5159db141
                                                                                                                                                                                                                                                  • Instruction ID: 825b39cb915b80163f80f1a4e10fe17f552184d9bbde39d044c9276ffcadbd20
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70d8282767079a5b56d073024407a1f9d6032be184e2c527988275b5159db141
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4313C7101C3859BC215FF68D8918AFB7A8FEA6314F444A2DF4E1D2191EB30EA09D767
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                  • Opcode ID: c1c9f0bf885baea69cb69417e537cecb26468f1de3714a0f7ffabe954b1792cc
                                                                                                                                                                                                                                                  • Instruction ID: 5673ceeac643cd62dcf347b7b14fd41087ba91241830006a15ea072f75a42674
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1c9f0bf885baea69cb69417e537cecb26468f1de3714a0f7ffabe954b1792cc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AC22771E086298FDB25CE289D407EAB7B5FB49305F1441EAD94DE7341E774AE818F40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008F64DC
                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 008F6639
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0091FCF8,00000000,00000001,0091FB68,?), ref: 008F6650
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 008F68D4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                                                                                                  • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                  • Opcode ID: 01f50c09e0eeac2446bcf318b4ae4dcca28f7d312f8678bdac1fb5d27cc5532a
                                                                                                                                                                                                                                                  • Instruction ID: dfbcee3c85fc893d195865354172743578ad73592f2f9f683397a9497a830a35
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01f50c09e0eeac2446bcf318b4ae4dcca28f7d312f8678bdac1fb5d27cc5532a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4D15971508205AFD314EF28C881D6BB7E9FF98304F14496DF695DB291EB70E905CBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(?,?,00000000), ref: 009022E8
                                                                                                                                                                                                                                                    • Part of subcall function 008FE4EC: GetWindowRect.USER32(?,?), ref: 008FE504
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00902312
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00902319
                                                                                                                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00902355
                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00902381
                                                                                                                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009023DF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2387181109-0
                                                                                                                                                                                                                                                  • Opcode ID: b376302ef7750d12e7ffdf053e66f46af5b3fd72280a74e322fde57c60f0d254
                                                                                                                                                                                                                                                  • Instruction ID: 378b4bef3b8b820247849918de78c8e22ec02889adc134c9d517f096f9d152a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b376302ef7750d12e7ffdf053e66f46af5b3fd72280a74e322fde57c60f0d254
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1431DE72608315AFC720DF14C849B9BBBAAFF84710F004919F985D7191DB34EA08CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 008F9B78
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 008F9C8B
                                                                                                                                                                                                                                                    • Part of subcall function 008F3874: GetInputState.USER32 ref: 008F38CB
                                                                                                                                                                                                                                                    • Part of subcall function 008F3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008F3966
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 008F9BA8
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 008F9C75
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                  • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                  • Opcode ID: 940f9642f4563983c09a9589a6566691f05117a2f716bce8972f0a77e84c2d61
                                                                                                                                                                                                                                                  • Instruction ID: 71301c7fba0154c18ed4506a49b01fd663ee3d4d439df8a5cf46d74a932c92e2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 940f9642f4563983c09a9589a6566691f05117a2f716bce8972f0a77e84c2d61
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5414B7194420EABDF14EF68C885BEEBBB8FF05310F244056E955E2191EB309E84CF61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,?,?,?,?), ref: 00899A4E
                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00899B23
                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00899B36
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3131106179-0
                                                                                                                                                                                                                                                  • Opcode ID: 77bf090d52f2a88d2b74549b6cdb92ae5697bd6c0a865e2dbf42afcdb391c103
                                                                                                                                                                                                                                                  • Instruction ID: 912af0bee888ea9bfc7087720217f05730e65921aa7fbdea5999536e7b990c89
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77bf090d52f2a88d2b74549b6cdb92ae5697bd6c0a865e2dbf42afcdb391c103
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DA10970208528BFEF24BA2D9C59FBB27DDFB86314B18420EF542C6AD1DA259D41D372
APIs
  • Part of subcall function 0090304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0090307A
  • Part of subcall function 0090304E: _wcslen.LIBCMT ref: 0090309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0090185D
• WSAGetLastError.WSOCK32 ref: 00901884
• bind.WSOCK32(00000000,?,00000010), ref: 009018DB
• WSAGetLastError.WSOCK32 ref: 009018E6
• closesocket.WSOCK32(00000000), ref: 00901915
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
APIs
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
Strings
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 008EAAAC
• SetKeyboardState.USER32(00000080), ref: 008EAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 008EAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 008EAB88
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• _free.LIBCMT ref: 008BBB7F
  • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
  • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
• GetTimeZoneInformation.KERNEL32 ref: 008BBB91
• WideCharToMultiByte.KERNEL32(00000000,?,0095121C,000000FF,?,0000003F,?,?), ref: 008BBC09
• WideCharToMultiByte.KERNEL32(00000000,?,00951270,000000FF,?,0000003F,?,?,?,0095121C,000000FF,?,0000003F,?,?), ref: 008BBC36
Similarity
• API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
• String ID:
• API String ID: 806657224-0
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 008FCE89
• GetLastError.KERNEL32(?,00000000), ref: 008FCEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 008FCEFE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 234945975-0
                                                                                                                                                                                                                                                  • Opcode ID: 298b1b18e8023262e11eac556cad869c290aa99a7d2505d844be39fceebcd854
                                                                                                                                                                                                                                                  • Instruction ID: ba11365ed9d3c53c68cdf53d6e4bbc2747b2961116ba1bc2189d1ce2c9574e19
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 298b1b18e8023262e11eac556cad869c290aa99a7d2505d844be39fceebcd854
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C621ACB164430D9BEB20CF65CA48BA6B7F8FB50318F10881AE646D2151EB70EA04DB60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 008E82AA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                  • String ID: ($|
                                                                                                                                                                                                                                                  • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                  • Opcode ID: 684f6e36354c4a5ebdb8b8cfbbda09f65049f72d953a0b534d5d3e65b7ac3f96
                                                                                                                                                                                                                                                  • Instruction ID: ff34cb07ca729c7ef2a905007d7c445628a756ae743506629372027b4af71f9e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 684f6e36354c4a5ebdb8b8cfbbda09f65049f72d953a0b534d5d3e65b7ac3f96
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75322474A04745DFCB28CF5AC481A6AB7F0FF48710B15856EE99ADB3A1EB70E941CB40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 008F5CC1
                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 008F5D17
                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 008F5D5F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3541575487-0
                                                                                                                                                                                                                                                  • Opcode ID: 0f009bd254908ec02509690103f59b1c23971ef498b813ac8539fc08ab8cc017
                                                                                                                                                                                                                                                  • Instruction ID: a4fedb577c48fddcadf37f47f3e45fb057adfca176d94e848d49b1119f56b7c6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f009bd254908ec02509690103f59b1c23971ef498b813ac8539fc08ab8cc017
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF51CC746046059FD704EF28C484EA6B7E4FF4A318F14856DEA6ACB3A1DB30ED00CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 008B271A
                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008B2724
                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 008B2731
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                  • Opcode ID: d4a862007036ba0a6f159767e2b595190ecca0a23a08d90a7318301cc69d1a8f
                                                                                                                                                                                                                                                  • Instruction ID: 44231a2bfe11b946816d2e278db934ac370e391a6a93a1d8ce479c88b9745374
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4a862007036ba0a6f159767e2b595190ecca0a23a08d90a7318301cc69d1a8f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D31C4749512289BCB21DF68DC88BD8B7B8FF08310F5041EAE41CA6260EB309F818F45
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 008F51DA
                                                                                                                                                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 008F5238
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 008F52A1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1682464887-0
                                                                                                                                                                                                                                                  • Opcode ID: f83596a73ca3e7a81c6e846b6642880149ac1146ee8a5cf3125859724f0195c8
                                                                                                                                                                                                                                                  • Instruction ID: f5343837c285f699ff6ec1a555f1ede48c0f5298cf37dba3c1f2e411929d7365
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f83596a73ca3e7a81c6e846b6642880149ac1146ee8a5cf3125859724f0195c8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92318F75A00508DFDB00DF64D884EADBBB4FF09318F088099E905EB362DB31E845CBA1
APIs
  • Part of subcall function 0089FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008A0668
  • Part of subcall function 0089FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008A0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008E170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008E173A
• GetLastError.KERNEL32 ref: 008E174A
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008ED608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 008ED645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008ED650
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008E168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008E16A1
• FreeSid.ADVAPI32(?), ref: 008E16B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 008DD28C
Strings
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 008F6918
• FindClose.KERNEL32(00000000), ref: 008F6961
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                                  • Opcode ID: 33552a6494b25664e1972781980d41f5f84bcebbd8c768d4624bc2e681626c68
                                                                                                                                                                                                                                                  • Instruction ID: 08176e3aeac320c28ae5700d1734252601c28fe4277d4e21a2804d5ad28d1d00
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33552a6494b25664e1972781980d41f5f84bcebbd8c768d4624bc2e681626c68
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E811D0716142049FD710DF29D484A26BBE0FF84328F14C699E569CF2A2DB70EC05CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00904891,?,?,00000035,?), ref: 008F37E4
                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00904891,?,?,00000035,?), ref: 008F37F4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                                                                                                                                  • Opcode ID: 4ae6b77e2b0ad850fca362f627f20dca5958ab5192bbd4ad4aa2a9d6a74e20a9
                                                                                                                                                                                                                                                  • Instruction ID: 3e52171aadedbe7ff31ea2f9815e941a66e6157a6e239e9c68c4cd21adac96c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ae6b77e2b0ad850fca362f627f20dca5958ab5192bbd4ad4aa2a9d6a74e20a9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3F0ECB07042192AD71027755C4DFEB36AEFFC5761F000175F505D2281D9709944C7B1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 008EB25D
                                                                                                                                                                                                                                                  • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 008EB270
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3536248340-0
                                                                                                                                                                                                                                                  • Opcode ID: ee7dd6bf1d6b6ba94a72473cc98a9dc494f0d887aeaeb1cd915c3b0d3a525ad3
                                                                                                                                                                                                                                                  • Instruction ID: 569c15071ecd1d9347f130281b0facfc032733cd5f6ddf3cfda38d472d88dc6f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee7dd6bf1d6b6ba94a72473cc98a9dc494f0d887aeaeb1cd915c3b0d3a525ad3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0F01D7195428DABDB059FA1C805BEE7BB4FF05309F008009F965A6191C3799611DF94
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008E11FC), ref: 008E10D4
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,008E11FC), ref: 008E10E9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 81990902-0
                                                                                                                                                                                                                                                  • Opcode ID: 1ff9f840a8477f3fb300459fecf4ea6b667bc15fbdb596638fb6e1dcf4bb7bb5
                                                                                                                                                                                                                                                  • Instruction ID: 176654d3e38cd87add79cb42f04e44adf7559913205126db5e37f16a0799ace8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ff9f840a8477f3fb300459fecf4ea6b667bc15fbdb596638fb6e1dcf4bb7bb5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0BF72158610AFEB292B55FC09EB777A9FB05310B24C82DF5A5C44B1DB626C90EB50
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • Variable is not of type 'Object'., xrefs: 008D0C40
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                  • API String ID: 0-1840281001
                                                                                                                                                                                                                                                  • Opcode ID: c93d00910131a21440235ad8f7aac12482a29d35ffda5ed530cfde5a8303db4a
                                                                                                                                                                                                                                                  • Instruction ID: df42a9fdfd91e18184f47fafb062832774c0b6fab6c4ecdf20cb791fa0764b5d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c93d00910131a21440235ad8f7aac12482a29d35ffda5ed530cfde5a8303db4a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3329870900218DBDF14EF94D980BEDB7B5FF05308F24816AE806EB286DB75AE45CB61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008B6766,?,?,00000008,?,?,008BFEFE,00000000), ref: 008B6998
APIs
• BlockInput.USER32(00000001), ref: 008FEABD
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008A03EE), ref: 008A09DA
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f43b193208dbb2f2474ea7edbe8feeff20be08bb5a8476204d5651af5e112c1c
                                                                                                                                                                                                                                                  • Instruction ID: e9b2ee5668a253a807393cd0971e09b3956184bc3b79e79b9834254ae3aa0bf3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f43b193208dbb2f2474ea7edbe8feeff20be08bb5a8476204d5651af5e112c1c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC322531A4411B8BDF28CF69C890A7D7BA1FF45318F28866BD84ACB391D631DD81DB40
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: def8296e61536757ea058269f8da723ebf4076d5e124b8e8bd4e7c267e99e7e7
                                                                                                                                                                                                                                                  • Instruction ID: 24d211e9db6e18f09b2dd74599abcf8173b50558574433e4527a974e45ead8b2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: def8296e61536757ea058269f8da723ebf4076d5e124b8e8bd4e7c267e99e7e7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6422BFB0A046099FDF14DFA8C881BAEB7B6FF44314F244529E816EB291EB35E950CB51
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 56e2c8585f5ab0b312da43860fb5385ba1a1da4b90a182566dcdf98532dece23
                                                                                                                                                                                                                                                  • Instruction ID: 14ab3ff0acb6b9947687cc10bfd00a6475adf30c0ada9dd5a07d66269539089a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56e2c8585f5ab0b312da43860fb5385ba1a1da4b90a182566dcdf98532dece23
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B902A5B0A10119EFDF04EF58D841BADB7B1FF54304F548169E956DB291EB31EA10CB91
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 78d14bee329315b290757800c0594798db7f75b41d50965c0688133e23fc6ca4
                                                                                                                                                                                                                                                  • Instruction ID: 8fd03b842b9ad982489efbe49d506dfdf834f4bc09280fe56f561bc4ae32109d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78d14bee329315b290757800c0594798db7f75b41d50965c0688133e23fc6ca4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FB1F120D3AF414DD32396398831336B69CAFBB6D5F91D71BFC2674E22EB2686835140
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                  • Instruction ID: ae5962273a0b904434c067ec9ceb4b065f4128a0ba1b0b764cf78f2123346ec3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD9157726080A34AFF294639857C07EFFE1EA533B1B1A079DD4F2CA9C5FE149964D620
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                  • Instruction ID: 71e8acfdb608e176b9b3822a18ded17a30345008fc34ac59e229be54f73905d3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C9154722090E34DFB79423D857843EFFE1EA933A171A079DE4F2CA9C5EE249554E620
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                  • Instruction ID: 30fe702218617d97083cfcde397077e1a2001302d1b723af58e8192ca0187390
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 779141722090B24AFF69427A857C03EFEE1AA933B1B1A079DD4F2CA9C1FD249555D620
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1a7892532af15caca31ef041a54b4f83b39d001fd6d73e952c4be8b5deccec73
                                                                                                                                                                                                                                                  • Instruction ID: de5be2a59c1193cdf95df14f9578d2665eedb9de94734de4bf3df0e255af5de2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a7892532af15caca31ef041a54b4f83b39d001fd6d73e952c4be8b5deccec73
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C6179B1208719A6FB349A2C8C95BBF2394FF43364F140919E942DBE81D611AE43F376
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9685fdeda11f3aef6026e587c2618ace5c8137fea7f7f310603652035fefaa5e
                                                                                                                                                                                                                                                  • Instruction ID: db08d3dc2dc4613a323ae0bcba98ca490c9e980cea595eea1157f37dd1b81a46
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9685fdeda11f3aef6026e587c2618ace5c8137fea7f7f310603652035fefaa5e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C618A7160870996FF384A2C4C65BBF2384FF43B04F140959E943CBE89EA56AD42B366
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                  • Instruction ID: 85791e1b5ef6e88849410596f321b1903b709e447f435c18460483bc379b696a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E58153726090A309FF6D4239857843EFFE1FA933A1B1E17ADD4F2CA9C5EE148554D620
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f3693c815779cec3a33c8d6278170fe4fdc6740a9881a085fa94f623fabe5e20
                                                                                                                                                                                                                                                  • Instruction ID: fc54de8ef03b78f3b3e8c164f270985dc5d4efe624fe4e53b6df95d29f729943
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3693c815779cec3a33c8d6278170fe4fdc6740a9881a085fa94f623fabe5e20
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF21A8326216158BDB28CF79C81267A73E5F7A4310F15862EE4A7C37D0DE35A904DB40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00902B30
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00902B43
                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00902B52
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00902B6D
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00902B74
                                                                                                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00902CA3
                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00902CB1
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902CF8
                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00902D04
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00902D40
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902D62
                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902D80
• GlobalLock.KERNEL32(00000000), ref: 00902D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902D98
• GlobalUnlock.KERNEL32(00000000), ref: 00902DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902DA8
• GlobalFree.KERNEL32(00000000), ref: 00902DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0091FC38,00000000), ref: 00902DDB
• GlobalFree.KERNEL32(00000000), ref: 00902DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00902E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00902E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00902E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0090303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
APIs
• SetTextColor.GDI32(?,00000000), ref: 0091712F
• GetSysColorBrush.USER32(0000000F), ref: 00917160
• GetSysColor.USER32(0000000F), ref: 0091716C
• SetBkColor.GDI32(?,000000FF), ref: 00917186
• SelectObject.GDI32(?,?), ref: 00917195
• InflateRect.USER32(?,000000FF,000000FF), ref: 009171C0
• GetSysColor.USER32(00000010), ref: 009171C8
• CreateSolidBrush.GDI32(00000000), ref: 009171CF
• FrameRect.USER32(?,?,00000000), ref: 009171DE
• DeleteObject.GDI32(00000000), ref: 009171E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00917230
• FillRect.USER32(?,?,?), ref: 00917262
• GetWindowLongW.USER32(?,000000F0), ref: 00917284
  • Part of subcall function 009173E8: GetSysColor.USER32(00000012), ref: 00917421
  • Part of subcall function 009173E8: SetTextColor.GDI32(?,?), ref: 00917425
  • Part of subcall function 009173E8: GetSysColorBrush.USER32(0000000F), ref: 0091743B
  • Part of subcall function 009173E8: GetSysColor.USER32(0000000F), ref: 00917446
  • Part of subcall function 009173E8: GetSysColor.USER32(00000011), ref: 00917463
  • Part of subcall function 009173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00917471
  • Part of subcall function 009173E8: SelectObject.GDI32(?,00000000), ref: 00917482
  • Part of subcall function 009173E8: SetBkColor.GDI32(?,00000000), ref: 0091748B
  • Part of subcall function 009173E8: SelectObject.GDI32(?,?), ref: 00917498
  • Part of subcall function 009173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009174B7
  • Part of subcall function 009173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009174CE
  • Part of subcall function 009173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009174DB
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
APIs
• DestroyWindow.USER32(?,?), ref: 00898E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 008D6AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 008D6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 008D6F43
  • Part of subcall function 00898F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00898BE8,?,00000000,?,?,?,?,00898BBA,00000000,?), ref: 00898FC5
• SendMessageW.USER32(?,00001053), ref: 008D6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 008D6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 008D6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 008D6FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
APIs
• DestroyWindow.USER32(00000000), ref: 0090273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0090286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009028A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009028B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00902900
• GetClientRect.USER32(00000000,?), ref: 0090290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00902955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00902964
• GetStockObject.GDI32(00000011), ref: 00902974
• SelectObject.GDI32(00000000,00000000), ref: 00902978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00902988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00902991
• DeleteDC.GDI32(00000000), ref: 0090299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009029C6
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 009029DD
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00902A1D
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00902A31
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 00902A42
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00902A77
                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00902A82
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00902A8D
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00902A97
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                  • Opcode ID: af012465f559e61742fb4ec61359662c55356d68be8df4bd4495d80c5a6953f6
                                                                                                                                                                                                                                                  • Instruction ID: 8b1c2195710239746f376810750c46dca1ae11c85ceda8475a8c23198c0c83ac
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: af012465f559e61742fb4ec61359662c55356d68be8df4bd4495d80c5a6953f6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DB149B1A50215AFEB14DFA8CC89FAE7BA9FB48711F108114F914E72D0D770AD40CBA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 008F4AED
                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,0091CB68,?,\\.\,0091CC08), ref: 008F4BCA
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,0091CB68,?,\\.\,0091CC08), ref: 008F4D36
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                  • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                  • Opcode ID: b005deb2743e269cf669ac5f8ca4381b3cd64925f8d85da1dbba15be158cc568
                                                                                                                                                                                                                                                  • Instruction ID: 4da985bf3ec1291cb17c83299b2b8039b5a19a054d34f676e9dcbbb9125b62ae
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b005deb2743e269cf669ac5f8ca4381b3cd64925f8d85da1dbba15be158cc568
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C61B4B064520D9BCB14EF38C981D7A77A0FB86718B246017FA06EB292DB35DD41DB52
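The function listed directly above is worth reading as a unit: SetErrorMode(00000001) sets SEM_FAILCRITICALERRORS so that GetDriveTypeW (and the `\\.\PhysicalDrive` IOCTL probing behind the bus-type strings 1394/ATA/SATA/USB/iSCSI/Virtual/FileBackedVirtual/SSD in its String ID) cannot pop a "There is no disk in the drive" dialog, and the error mode is restored afterwards. That is how AutoIt's DriveGetType is implemented, and the same three-call bracket is a standard building block of VM and sandbox fingerprinting (removable drives, virtual bus types, disk counts). The following is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own code: a Python parser for the report's one-line-per-call listing format (`• Api.MODULE(args), ref: addr`), a reconstruction of the "API ID" similarity token, and a detector for the silent drive-probe sequence. The API ID rule (split the API name on CamelCase, drop fragments of three letters or fewer such as Get/Set/Ex/W/Sys/Bk, count, join frequency classes with `$` from most to least frequent, alphabetical within a class) is an assumption inferred from the four blocks visible on this page, not a documented Joe Sandbox algorithm; it reproduces the three API IDs shown here. The two embedded listings are constructed by copying call lines from this page.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample listings, copied line-for-line from the report's "APIs"
# blocks on this page. Raw strings keep the "\\.\" device-prefix argument intact.
DRIVE_PROBE_LISTING = r"""
• SetErrorMode.KERNEL32(00000001), ref: 008F4AED
• GetDriveTypeW.KERNEL32(?,0091CB68,?,\\.\,0091CC08), ref: 008F4BCA
• SetErrorMode.KERNEL32(00000000,0091CB68,?,\\.\,0091CC08), ref: 008F4D36
"""

TOOLTIP_LISTING = r"""
• GetCursorPos.USER32(?), ref: 00911128
• GetDesktopWindow.USER32 ref: 0091113D
• GetWindowRect.USER32(00000000), ref: 00911144
• GetWindowLongW.USER32(?,000000F0), ref: 00911199
• DestroyWindow.USER32(?), ref: 009111B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009111ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0091120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0091121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00911232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00911245
• IsWindowVisible.USER32(00000000), ref: 009112A1
"""

# One call per line; the argument list is optional (see GetDesktopWindow above).
CALL_RE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

SEM_FAILCRITICALERRORS = 0x0001  # SetErrorMode flag: suppress "no disk" dialogs


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple
    ref: int  # address of the call site, as printed in the report


def parse_listing(text: str) -> list:
    """Parse a report 'APIs' block into ApiCall records, skipping non-call lines."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        raw = m["args"]
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16)))
    return calls


def api_id(calls: list) -> str:
    """Reconstruct the report's 'API ID' token (inferred rule, see lead-in)."""
    counts = Counter()
    for call in calls:
        for word in re.findall(r"[A-Z][a-z]*", call.api):
            if len(word) > 3:  # drops Get, Set, Ex, W, Sys, Bk, Pos, DC, ...
                counts[word] += 1
    by_freq = {}
    for word, n in counts.items():
        by_freq.setdefault(n, []).append(word)
    return "$".join("".join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))


def _hex_arg(arg: str):
    """Return an argument as an int, or None for unresolved values such as '?'."""
    return int(arg, 16) if re.fullmatch(r"-?[0-9A-Fa-f]+", arg) else None


def flags_silent_drive_probe(calls: list) -> bool:
    """True for the sequence SetErrorMode(SEM_FAILCRITICALERRORS) ... GetDriveTypeW
    ... SetErrorMode(0): drive enumeration with critical-error dialogs suppressed,
    as used by AutoIt's DriveGetType and by VM/sandbox fingerprinting code."""
    state = 0
    for call in calls:
        first = _hex_arg(call.args[0]) if call.args else None
        if state == 0 and call.api == "SetErrorMode" and first is not None \
                and first & SEM_FAILCRITICALERRORS:
            state = 1
        elif state == 1 and call.api == "GetDriveTypeW":
            state = 2
        elif state == 2 and call.api == "SetErrorMode" and first == 0:
            return True
    return False


if __name__ == "__main__":
    for name, listing in (("drive probe", DRIVE_PROBE_LISTING), ("tooltip", TOOLTIP_LISTING)):
        calls = parse_listing(listing)
        print(f"{name}: {len(calls)} calls, API ID = {api_id(calls)}, "
              f"silent drive probe = {flags_silent_drive_probe(calls)}")
```

The detector deliberately keys on the flag bit rather than the literal `00000001`, since SEM_FAILCRITICALERRORS is often OR-ed with SEM_NOOPENFILEERRORBOX (0x8000) in the same idiom; unresolved `?` arguments are treated as unknown rather than as a match.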
APIs
• GetSysColor.USER32(00000012), ref: 00917421
• SetTextColor.GDI32(?,?), ref: 00917425
• GetSysColorBrush.USER32(0000000F), ref: 0091743B
• GetSysColor.USER32(0000000F), ref: 00917446
• CreateSolidBrush.GDI32(?), ref: 0091744B
• GetSysColor.USER32(00000011), ref: 00917463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00917471
• SelectObject.GDI32(?,00000000), ref: 00917482
• SetBkColor.GDI32(?,00000000), ref: 0091748B
• SelectObject.GDI32(?,?), ref: 00917498
• InflateRect.USER32(?,000000FF,000000FF), ref: 009174B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009174CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 009174DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0091752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00917554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00917572
• DrawFocusRect.USER32(?,?), ref: 0091757D
• GetSysColor.USER32(00000011), ref: 0091758E
• SetTextColor.GDI32(?,00000000), ref: 00917596
• DrawTextW.USER32(?,009170F5,000000FF,?,00000000), ref: 009175A8
• SelectObject.GDI32(?,?), ref: 009175BF
• DeleteObject.GDI32(?), ref: 009175CA
• SelectObject.GDI32(?,?), ref: 009175D0
• DeleteObject.GDI32(?), ref: 009175D5
• SetTextColor.GDI32(?,?), ref: 009175DB
• SetBkColor.GDI32(?,?), ref: 009175E5
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: c015e1f7b20e6f92f8d4175b4ba5850372e1cb4a6ffaad9ab154b7114c8598be
• Instruction ID: 86e7cb32a0c6f0783d2f501b2b33e2ce1df62cdac21847a168b75ffc73ba77c9
• Opcode Fuzzy Hash: c015e1f7b20e6f92f8d4175b4ba5850372e1cb4a6ffaad9ab154b7114c8598be
• Instruction Fuzzy Hash: 2D6170B2A48219BFDF019FA4DC49EEEBF79EB08320F108115F911AB2A1D7749940DB90
APIs
• GetCursorPos.USER32(?), ref: 00911128
• GetDesktopWindow.USER32 ref: 0091113D
• GetWindowRect.USER32(00000000), ref: 00911144
• GetWindowLongW.USER32(?,000000F0), ref: 00911199
• DestroyWindow.USER32(?), ref: 009111B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009111ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0091120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0091121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00911232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00911245
• IsWindowVisible.USER32(00000000), ref: 009112A1
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009112BC
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009112D0
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 009112E8
                                                                                                                                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 0091130E
                                                                                                                                                                                                                                                  • GetMonitorInfoW.USER32(00000000,?), ref: 00911328
                                                                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 0091133F
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000), ref: 009113AA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 8c070656961e186f83b6c39d59705311caa23947e6c88e7f0ad3dd4614dcb554
• Instruction ID: 42d4628fdc94d2ca32cb0975e6dd5656f4560adbcb8ea24113a041cd9c854f99
• Opcode Fuzzy Hash: 8c070656961e186f83b6c39d59705311caa23947e6c88e7f0ad3dd4614dcb554
• Instruction Fuzzy Hash: 58B18071608345AFD714DF64C885BAEBBE4FF88750F00891CFA999B2A1C771E885CB52
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00898968
• GetSystemMetrics.USER32(00000007), ref: 00898970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0089899B
• GetSystemMetrics.USER32(00000008), ref: 008989A3
• GetSystemMetrics.USER32(00000004), ref: 008989C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008989E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008989F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00898A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00898A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00898A5A
• GetStockObject.GDI32(00000011), ref: 00898A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00898A81
  • Part of subcall function 0089912D: GetCursorPos.USER32(?), ref: 00899141
  • Part of subcall function 0089912D: ScreenToClient.USER32(00000000,?), ref: 0089915E
  • Part of subcall function 0089912D: GetAsyncKeyState.USER32(00000001), ref: 00899183
  • Part of subcall function 0089912D: GetAsyncKeyState.USER32(00000002), ref: 0089919D
• SetTimer.USER32(00000000,00000000,00000028,008990FC), ref: 00898AA8
Strings
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: d7b34262c8470e15601df2e9f086ebaabef2248616f35f028d0f3dcd046bcc36
• Instruction ID: 0dfb994e49ecddc587a1fa0f7a430b853283282c617e015cff1a3ddc90b8cc36
• Opcode Fuzzy Hash: d7b34262c8470e15601df2e9f086ebaabef2248616f35f028d0f3dcd046bcc36
• Instruction Fuzzy Hash: 2CB17A71A4420AEFDF14DFA8D845BAE3BB5FB48315F14422AFA15EB290DB34A840DB51
APIs
  • Part of subcall function 008E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008E1114
  • Part of subcall function 008E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E1120
  • Part of subcall function 008E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E112F
  • Part of subcall function 008E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E1136
  • Part of subcall function 008E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008E114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008E0DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008E0E29
• GetLengthSid.ADVAPI32(?), ref: 008E0E40
• GetAce.ADVAPI32(?,00000000,?), ref: 008E0E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008E0E96
• GetLengthSid.ADVAPI32(?), ref: 008E0EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 008E0EB5
• HeapAlloc.KERNEL32(00000000), ref: 008E0EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 008E0EDD
• CopySid.ADVAPI32(00000000), ref: 008E0EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008E0F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008E0F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 008E0F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E0F6E
• HeapFree.KERNEL32(00000000), ref: 008E0F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E0F7E
• HeapFree.KERNEL32(00000000), ref: 008E0F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E0F8E
• HeapFree.KERNEL32(00000000), ref: 008E0F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 008E0FA1
• HeapFree.KERNEL32(00000000), ref: 008E0FA8
  • Part of subcall function 008E1193: GetProcessHeap.KERNEL32(00000008,008E0BB1,?,00000000,?,008E0BB1,?), ref: 008E11A1
  • Part of subcall function 008E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008E0BB1,?), ref: 008E11A8
  • Part of subcall function 008E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008E0BB1,?), ref: 008E11B7
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4175595110-0
                                                                                                                                                                                                                                                  • Opcode ID: fb52d48b3156ce27381bd84fee9da575eac48f26f3bdc27a2ec118a830295f71
                                                                                                                                                                                                                                                  • Instruction ID: 20174723025a5cfc942ffdfe4fea0d1ea5c2b38118ba9bae6a93d0a72598f13b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb52d48b3156ce27381bd84fee9da575eac48f26f3bdc27a2ec118a830295f71
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF718DB1A0424AABDF209FA5DC44BEEBBB8FF09300F048515F959E6191DB709D55CF60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090C4BD
                                                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,0091CC08,00000000,?,00000000,?,?), ref: 0090C544
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0090C5A4
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 0090C5F4
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 0090C66F
                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0090C6B2
                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0090C7C1
                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0090C84D
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0090C881
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0090C88E
                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0090C960
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                  • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                  • Opcode ID: 7b16f56bdc24d7937a60ccee19f7da86ec8cb417744b766eba5ecf645d41b2a7
                                                                                                                                                                                                                                                  • Instruction ID: 9d326ca60b91fbe0deb0764e1c909ca1ea3811243e1aad4b2f47c5c26141d6ce
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b16f56bdc24d7937a60ccee19f7da86ec8cb417744b766eba5ecf645d41b2a7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A125A756082019FDB14EF18C881A2AB7E5FF89714F14895CF85A9B3A2DB31FD41CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 009109C6
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00910A01
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00910A54
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00910A8A
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00910B06
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00910B81
                                                                                                                                                                                                                                                    • Part of subcall function 0089F9F2: _wcslen.LIBCMT ref: 0089F9FD
                                                                                                                                                                                                                                                    • Part of subcall function 008E2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008E2BFA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                  • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                  • Opcode ID: ef3faf76f620fb7577ae913dfcf5ed81e156b103c1aa016a401f2f7190b7d0ae
                                                                                                                                                                                                                                                  • Instruction ID: 679f958f000e369d39a2c10792c9dfaebbd09f1d849ddb892d753e50d5e35882
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef3faf76f620fb7577ae913dfcf5ed81e156b103c1aa016a401f2f7190b7d0ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9E19C352083058FCB14EF28C45096AB7E5FFD8318B14895DF8969B3A2D772ED85CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                  • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                  • Opcode ID: c7fe1eb85570a211048fdaf9bb2c57643656f8780a9243bf7d5043bf5d4ef757
                                                                                                                                                                                                                                                  • Instruction ID: 9e235c7fbee0bc8cc0a8affdfa8de3b3261e1c372510964217b9da95f7a7270c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7fe1eb85570a211048fdaf9bb2c57643656f8780a9243bf7d5043bf5d4ef757
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7471F3B260016A8FCB20DF6CC9519BF3399ABA1754F650B28FC66E72C5E635CD44C3A1
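The registry function above (RegConnectRegistryW, RegCreateKeyExW and four RegSetValueExW calls, paired with a REG_SZ/REG_MULTI_SZ/REG_QWORD/REG_BINARY string table) and the hive-alias table (HKCC, HKCR, HKCU, HKLM, HKU and their long forms) describe a generic registry writer, consistent with the runtime behind AutoIt's RegWrite(); the RegConnectRegistryW call also means it can open a remote machine's registry, not only the local one. The dwType arguments the sandbox recovered statically (00000001, 00000007, 0000000B, 00000003) are what tell you which value types the routine can write. The Python below is an added example, not code from the Joe Sandbox report or from the sample: it parses the report's "APIs" bullet lines (the sample input is copied from the block above and is constructed for this example), decodes the RegSetValueExW type argument to its REG_* name, and normalises the hive aliases from the string table. The regex, the function names and the REG_* table are this example's own; "?" in an argument list means the sandbox could not recover that value.

```python
"""Decode a Joe Sandbox 'APIs' block for a registry-write routine (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample input: the APIs bullets of the registry routine in the report.
SAMPLE_APIS = """
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0091CC08,00000000,?,00000000,?,?), ref: 0090C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0090C5A4
• _wcslen.LIBCMT ref: 0090C5F4
• _wcslen.LIBCMT ref: 0090C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0090C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0090C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0090C84D
• RegCloseKey.ADVAPI32(?), ref: 0090C881
• RegCloseKey.ADVAPI32(00000000), ref: 0090C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0090C960
"""

# Registry value types (winnt.h) as passed in the dwType argument of RegSetValueExW.
REG_TYPES: Dict[int, str] = {
    0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
    4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD",
}

# Short hive names from the report's HKCC$HKCR$... string table, mapped to their long form.
HIVE_ALIASES: Dict[str, str] = {
    "HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER",
    "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS", "HKCC": "HKEY_CURRENT_CONFIG",
}

# One bullet: "• Api.MODULE(arg,arg,...), ref: ADDR" or, without arguments, "• _wcslen.LIBCMT ref: ADDR".
API_LINE = re.compile(
    r"•\s*(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


def _parse_arg(tok: str) -> Optional[int]:
    """'?' means the sandbox did not recover the value; otherwise a hex literal."""
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_api_lines(text: str) -> List[dict]:
    """Turn the report's APIs bullets into dicts with api, module, args (ints or None) and ref."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = [_parse_arg(a) for a in raw.split(",")] if raw else []
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": m.group("ref").upper()})
    return calls


def decode_regsetvalue(calls: List[dict]) -> List[dict]:
    """RegSetValueExW(hKey, lpValueName, Reserved, dwType, lpData, cbData):
    resolve dwType (index 3) to a REG_* name and keep cbData (index 5) when recovered."""
    out = []
    for c in calls:
        if c["api"] != "RegSetValueExW":
            continue
        dw_type = c["args"][3] if len(c["args"]) > 3 else None
        cb_data = c["args"][5] if len(c["args"]) > 5 else None
        name = "?" if dw_type is None else REG_TYPES.get(dw_type, f"UNKNOWN({dw_type})")
        out.append({"ref": c["ref"], "type": name, "cbData": cb_data})
    return out


def normalize_hive(name: str) -> Optional[str]:
    """Accept a hive spelled either way (hklm or HKEY_LOCAL_MACHINE) and return the long form."""
    upper = name.strip().upper()
    if upper in HIVE_ALIASES.values():
        return upper
    return HIVE_ALIASES.get(upper)


def summarize(text: str) -> dict:
    """Capabilities visible in the block: remote registry access, key creation, value types written."""
    calls = parse_api_lines(text)
    names = {c["api"] for c in calls}
    return {
        "remote_capable": "RegConnectRegistryW" in names,
        "creates_keys": "RegCreateKeyExW" in names,
        "value_types": [v["type"] for v in decode_regsetvalue(calls)],
    }


if __name__ == "__main__":
    for write in decode_regsetvalue(parse_api_lines(SAMPLE_APIS)):
        print(write)
    print(summarize(SAMPLE_APIS))
```

Run against the sample block this yields REG_SZ, REG_MULTI_SZ, REG_QWORD (cbData 8) and REG_BINARY, which is exactly the set the string table advertises minus REG_DWORD and REG_EXPAND_SZ, whose branches the static pass did not attribute a RegSetValueExW call to. The hKey value 00000001 in those calls is a statically recovered placeholder, not a real handle, so do not read anything into it.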
APIs
• _wcslen.LIBCMT ref: 0091835A
• _wcslen.LIBCMT ref: 0091836E
• _wcslen.LIBCMT ref: 00918391
• _wcslen.LIBCMT ref: 009183B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009183F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0091361A,?), ref: 0091844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00918487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009184CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00918501
• FreeLibrary.KERNEL32(?), ref: 0091850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0091851D
• DestroyIcon.USER32(?), ref: 0091852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00918549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00918555
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                  • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                  • Opcode ID: b4c4d46bbce0fae480c098ff0317982774b7b83bf6b40f1f1cd9d6ff33720d74
                                                                                                                                                                                                                                                  • Instruction ID: a976b6bf4b43711ce3d3376c018d1774300e24733b96daf734dcc20e643d0331
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4c4d46bbce0fae480c098ff0317982774b7b83bf6b40f1f1cd9d6ff33720d74
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C61BDB1644219BAEB149F64CC81BFF77ACFB44B11F108649F815D60E1DFB4A990EBA0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                  • API String ID: 0-1645009161
                                                                                                                                                                                                                                                  • Opcode ID: 32817e1061aa1805ffdb2a9a80801a62392e16e68724c43485edca012a1db223
                                                                                                                                                                                                                                                  • Instruction ID: 3d29d337457fd40c4ef9d9d317331fecc4c4946fd3804392f779eb4b97125a6a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32817e1061aa1805ffdb2a9a80801a62392e16e68724c43485edca012a1db223
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B81E271644609ABDF20BF64CC42FAE77B8FF55300F184025F905EA196EB74EA51C7A2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CharLowerBuffW.USER32(?,?), ref: 008F3EF8
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008F3F03
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008F3F5A
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008F3F98
                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?), ref: 008F3FD6
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008F401E
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008F4059
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008F4087
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                  • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                  • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                  • Opcode ID: cdaa80c179704479269017e6c4cab913781271545680f57a14fa3eca1ed1e55a
                                                                                                                                                                                                                                                  • Instruction ID: dee0dcfbb93167d29b31f656655416b04761e6a3a815f711eed91d2f62eb756a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdaa80c179704479269017e6c4cab913781271545680f57a14fa3eca1ed1e55a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19718A726042069FC710EF38C88087AB7E4FF95758F104929FA95D7251EB31DE45CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 008E5A2E
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008E5A40
                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 008E5A57
                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 008E5A6C
                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 008E5A72
                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 008E5A82
                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 008E5A88
                                                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 008E5AA9
                                                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 008E5AC3
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 008E5ACC
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008E5B33
                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 008E5B6F
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 008E5B75
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 008E5B7C
                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 008E5BD3
                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 008E5BE0
                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,?), ref: 008E5C05
                                                                                                                                                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 008E5C2F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 895679908-0
                                                                                                                                                                                                                                                  • Opcode ID: ed8c36929be71f15f3623266f1e874f02027933629d8b7c2bd0a1b3828300aff
                                                                                                                                                                                                                                                  • Instruction ID: 15196a67065f35e9b57321df55426017351ddcce8993ea03fb11e14c4f20a7aa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed8c36929be71f15f3623266f1e874f02027933629d8b7c2bd0a1b3828300aff
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA718D71A00B49AFDB20DFA9CE85AAEBBF5FF48718F104918E542E25A0D774E940DB50
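The numeric arguments in these API listings are raw hexadecimal, and the report does not resolve them. An analyst reading the dialog routine at 008E5A2E wants them resolved, because the constants are what separate ordinary dialog setup from something worth noting: the two SendDlgItemMessageW calls at 008E5AA9 and 008E5AC3 pass 0xCC and 0xC5, which are EM_SETPASSWORDCHAR and EM_LIMITTEXT when the target control is an edit box, so that routine builds a masked, length-limited input field. The script below is an added example written for this page; it is not part of the Joe Sandbox report or its IDA plugin. It parses the bullet format of the "APIs" sections, decodes the message IDs that occur on this page (WM_SIZE, WM_SETICON, STM_SETICON, STM_SETIMAGE, EM_LIMITTEXT, EM_SETPASSWORDCHAR) and the IDC_* standard cursor IDs that the LoadCursorW calls on this page pass with a NULL module handle, and prints one line per call. The sample lines are copied from this report; the constant tables are winuser.h values limited to what the page shows.

```python
import re

# Constructed sample input: API bullet lines copied from the "APIs" sections
# of this report. It is a subset, not the full listing.
SAMPLE_LINES = """\
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0091851D
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00918549
• _wcslen.LIBCMT ref: 008F3F03
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008F401E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008E5A40
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 008E5AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 008E5AC3
• PostMessageW.USER32(?,00000005,00000000,?), ref: 008E5C05
• LoadCursorW.USER32(00000000,00007F89), ref: 008FFE27
• LoadCursorW.USER32(00000000,00007F00), ref: 008FFE3D
"""

# One bullet per call: "<func>.<module>(<args>), ref: <addr>". CRT entries
# such as _wcslen.LIBCMT carry no argument list, so the parens are optional.
CALL_RE = re.compile(
    r"•\s*(?P<func>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Message IDs seen on this page (winuser.h). EM_* and STM_* are control
# messages: 0xCC is EM_SETPASSWORDCHAR only if the target is an edit control,
# so those decodes are interpretations that assume the target window's class.
MESSAGES = {
    0x0005: "WM_SIZE",
    0x0080: "WM_SETICON",
    0x00C5: "EM_LIMITTEXT",
    0x00CC: "EM_SETPASSWORDCHAR",
    0x0170: "STM_SETICON",
    0x0172: "STM_SETIMAGE",
}

# Standard cursor resource IDs (IDC_*), valid when LoadCursorW gets a NULL hInstance.
CURSORS = {
    0x7F00: "IDC_ARROW", 0x7F01: "IDC_IBEAM", 0x7F02: "IDC_WAIT",
    0x7F03: "IDC_CROSS", 0x7F04: "IDC_UPARROW", 0x7F80: "IDC_SIZE",
    0x7F81: "IDC_ICON", 0x7F82: "IDC_SIZENWSE", 0x7F83: "IDC_SIZENESW",
    0x7F84: "IDC_SIZEWE", 0x7F85: "IDC_SIZENS", 0x7F86: "IDC_SIZEALL",
    0x7F88: "IDC_NO", 0x7F89: "IDC_HAND", 0x7F8A: "IDC_APPSTARTING",
    0x7F8B: "IDC_HELP",
}

# Zero-based argument position that carries the decodable value, per API.
MSG_ARG = {"SendMessageW": 1, "PostMessageW": 1, "SendDlgItemMessageW": 2}
CURSOR_ARG = {"LoadCursorW": 1}


def parse_calls(text):
    """Parse report bullet lines into dicts; an unknown ('?') argument becomes None."""
    calls = []
    for m in CALL_RE.finditer(text):
        raw_args = m.group("args")
        args = []
        if raw_args:
            for a in raw_args.split(","):
                a = a.strip()
                args.append(None if a == "?" else int(a, 16))
        calls.append({"func": m.group("func"), "mod": m.group("mod"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def decode_call(call):
    """Return the symbolic name of the call's decodable argument, or None if unknown."""
    func, args = call["func"], call["args"]
    if func in MSG_ARG and len(args) > MSG_ARG[func]:
        return MESSAGES.get(args[MSG_ARG[func]])
    if func in CURSOR_ARG and len(args) > CURSOR_ARG[func]:
        return CURSORS.get(args[CURSOR_ARG[func]])
    return None


def summarize(text):
    """One line per call: address, API, and the decoded constant where one is known."""
    out = []
    for call in parse_calls(text):
        name = decode_call(call)
        tag = f"  -> {name}" if name else ""
        out.append(f"{call['ref']:08X} {call['func']}.{call['mod']}{tag}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LINES)))
```

Anything the tables do not cover stays undecoded on purpose: the second SendMessageW at 00918555 passes 0x64, which is not a documented window message, and a wrong name in a triage note is worse than a raw number.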
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 008FFE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 008FFE32
• LoadCursorW.USER32(00000000,00007F00), ref: 008FFE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 008FFE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 008FFE53
• LoadCursorW.USER32(00000000,00007F01), ref: 008FFE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 008FFE69
• LoadCursorW.USER32(00000000,00007F88), ref: 008FFE74
• LoadCursorW.USER32(00000000,00007F80), ref: 008FFE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 008FFE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 008FFE95
• LoadCursorW.USER32(00000000,00007F85), ref: 008FFEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 008FFEAB
                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 008FFEB6
                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F04), ref: 008FFEC1
                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 008FFECC
                                                                                                                                                                                                                                                  • GetCursorInfo.USER32(?), ref: 008FFEDC
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008FFF1E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3215588206-0
                                                                                                                                                                                                                                                  • Opcode ID: 7876286858072becb1f7eba1bc563a9d2e46d7c2b3f1690ee2340fcd700eda74
                                                                                                                                                                                                                                                  • Instruction ID: 0bab2c7c1d20f13ffc74d70bb9e7a09f588b17f80342ae34bb7b6d87c8416195
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7876286858072becb1f7eba1bc563a9d2e46d7c2b3f1690ee2340fcd700eda74
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C74145B0E483196ADB10DFBA8C8586EBFE8FF04754B50452AF21DE7291DB789901CF91
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008A00C6
  • Part of subcall function 008A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0095070C,00000FA0,B7A21EF2,?,?,?,?,008C23B3,000000FF), ref: 008A011C
  • Part of subcall function 008A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008C23B3,000000FF), ref: 008A0127
  • Part of subcall function 008A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008C23B3,000000FF), ref: 008A0138
  • Part of subcall function 008A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008A014E
  • Part of subcall function 008A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008A015C
  • Part of subcall function 008A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008A016A
  • Part of subcall function 008A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008A0195
  • Part of subcall function 008A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008A01A0
• ___scrt_fastfail.LIBCMT ref: 008A00E7
  • Part of subcall function 008A00A3: __onexit.LIBCMT ref: 008A00A9
Strings
• InitializeConditionVariable, xrefs: 008A0148
• WakeAllConditionVariable, xrefs: 008A0162
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 008A0122
• SleepConditionVariableCS, xrefs: 008A0154
• kernel32.dll, xrefs: 008A0133
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: a4f943a99520fe4e4362238ab58b472d2b582c9cebd403a789ec3aedde9c5eee
• Instruction ID: 01b87f1f4c35cf314a45e9840429500e490af5b99220a27b3130c6e5b78717d5
• Opcode Fuzzy Hash: a4f943a99520fe4e4362238ab58b472d2b582c9cebd403a789ec3aedde9c5eee
• Instruction Fuzzy Hash: D321497279C7056FFB106B68AC16FE933A4FB86B55F004139F901D66D1DB749800CE91
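The two function blocks above (the LoadCursorW/GetCursorInfo sequence and the CRT thread-safe-statics initializer) list raw API calls with hexadecimal arguments. The Python below is added here as a triage helper; it is not part of the Joe Sandbox report or of the sample. It parses bullets in the shape this listing uses, resolves the second LoadCursorW argument to its winuser.h IDC_* name, and collects the names the function binds through GetProcAddress. The IDC_* table is taken from winuser.h; the regular expression is written against the line shape visible in this report and is an assumption about the format, not a Joe Sandbox specification; the sample input is copied from the two blocks above. Two readings follow from the output. Loading all sixteen standard cursors and then calling GetCursorInfo is a routine that identifies which cursor is currently displayed; given the AutoIt detection in the report overview this is consistent with the AutoIt runtime's MouseGetCursor(), which is an interpretation and not something the report states. The GetModuleHandleW lookups of api-ms-win-core-synch-l1-2-0.dll with a kernel32.dll fallback, followed by GetProcAddress for the condition-variable functions, is ordinary MSVC CRT start-up code, so on its own it is weak evidence behind the "dynamically determine API calls" signature.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Standard cursor ordinals from winuser.h. LoadCursorW(NULL, MAKEINTRESOURCE(n)) with one of
# these n returns the shared system cursor instead of a cursor resource from the module.
IDC_NAMES = {
    0x7F00: "IDC_ARROW",    0x7F01: "IDC_IBEAM",  0x7F02: "IDC_WAIT",        0x7F03: "IDC_CROSS",
    0x7F04: "IDC_UPARROW",  0x7F80: "IDC_SIZE",   0x7F81: "IDC_ICON",        0x7F82: "IDC_SIZENWSE",
    0x7F83: "IDC_SIZENESW", 0x7F84: "IDC_SIZEWE", 0x7F85: "IDC_SIZENS",      0x7F86: "IDC_SIZEALL",
    0x7F88: "IDC_NO",       0x7F89: "IDC_HAND",   0x7F8A: "IDC_APPSTARTING", 0x7F8B: "IDC_HELP",
}

@dataclass
class ApiCall:
    api: str                   # "LoadCursorW"
    module: str                # "USER32", or LIBCMT/LIBVCRUNTIME for statically linked CRT code
    args: list                 # argument text as printed; "?" where the sandbox could not recover it
    ref: int                   # address of the call site
    subcall_of: Optional[int]  # callee address when the bullet reads "Part of subcall function <addr>"

# One bullet of an "APIs" section, with or without the subcall prefix and the argument list.
# Written against the line shape in this report (an assumption, not a documented format).
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[\w@?$]+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

def parse_api_lines(text: str) -> list:
    """Parse the APIs section of one function block; headers and non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        args = m.group("args")
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("mod"),
            args=[] if args is None else args.split(","),
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls

def cursor_ids(calls: list) -> list:
    """IDC_* name for each LoadCursorW(NULL, ordinal) call; None for an ordinal not in the table."""
    return [IDC_NAMES.get(int(c.args[1], 16))
            for c in calls
            if c.api == "LoadCursorW" and len(c.args) >= 2 and c.args[0] == "00000000"]

def is_cursor_probe(calls: list) -> bool:
    """Loading every standard cursor and then calling GetCursorInfo means the function compares
    the current cursor handle against the standard set, i.e. it asks which cursor is showing."""
    loads_all = set(cursor_ids(calls)) == set(IDC_NAMES.values())
    return loads_all and any(c.api == "GetCursorInfo" for c in calls)

def resolved_imports(calls: list) -> list:
    """Names passed to GetProcAddress: the APIs this function binds at run time."""
    return [c.args[1] for c in calls if c.api == "GetProcAddress" and len(c.args) >= 2]

# Sample input copied from the two function blocks above (subcall bullets keep their indent).
CURSOR_FUNC = """\
• LoadCursorW.USER32(00000000,00007F89), ref: 008FFE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 008FFE32
• LoadCursorW.USER32(00000000,00007F00), ref: 008FFE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 008FFE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 008FFE53
• LoadCursorW.USER32(00000000,00007F01), ref: 008FFE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 008FFE69
• LoadCursorW.USER32(00000000,00007F88), ref: 008FFE74
• LoadCursorW.USER32(00000000,00007F80), ref: 008FFE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 008FFE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 008FFE95
• LoadCursorW.USER32(00000000,00007F85), ref: 008FFEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 008FFEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 008FFEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 008FFEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 008FFECC
• GetCursorInfo.USER32(?), ref: 008FFEDC
• GetLastError.KERNEL32 ref: 008FFF1E
"""
CRT_FUNC = """\
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008A00C6
  • Part of subcall function 008A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0095070C,00000FA0,B7A21EF2,?,?,?,?,008C23B3,000000FF), ref: 008A011C
  • Part of subcall function 008A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008C23B3,000000FF), ref: 008A0127
  • Part of subcall function 008A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008C23B3,000000FF), ref: 008A0138
  • Part of subcall function 008A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008A014E
  • Part of subcall function 008A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008A015C
  • Part of subcall function 008A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008A016A
"""

if __name__ == "__main__":
    cur = parse_api_lines(CURSOR_FUNC)
    print(cursor_ids(cur), is_cursor_probe(cur))
    print(resolved_imports(parse_api_lines(CRT_FUNC)))
```

Paste any function's APIs bullets into `parse_api_lines` to get structured records; `cursor_ids` turns the sixteen LoadCursorW ordinals into IDC_HAND, IDC_APPSTARTING, IDC_ARROW and so on, and `resolved_imports` lists the three condition-variable functions bound by the CRT initializer. The `subcall_of` field keeps the distinction the report draws between the function's own call sites and calls made inside a callee.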
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: f337577a6680d60deb33c67039db08ad75a72657771b03d9f181af235e003b87
• Instruction ID: 948c2ba2df51d9bc80de1f41e0a7534da51f8acee08907d2c9300aad1e28e3cd
• Opcode Fuzzy Hash: f337577a6680d60deb33c67039db08ad75a72657771b03d9f181af235e003b87
• Instruction Fuzzy Hash: 92E12632A00656ABCB18DFB9C449BEEFBB0FF56714F548129E456F3280DB30AE458790
APIs
• CharLowerBuffW.USER32(00000000,00000000,0091CC08), ref: 008F4527
• _wcslen.LIBCMT ref: 008F453B
• _wcslen.LIBCMT ref: 008F4599
• _wcslen.LIBCMT ref: 008F45F4
• _wcslen.LIBCMT ref: 008F463F
• _wcslen.LIBCMT ref: 008F46A7
  • Part of subcall function 0089F9F2: _wcslen.LIBCMT ref: 0089F9FD
• GetDriveTypeW.KERNEL32(?,00946BF0,00000061), ref: 008F4743
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: f873249776e219231aabc8b0f7cec2577670d4787071039f22869b36004e9c1f
• Instruction ID: cbd25c716e52a4e1ae0147e948018b9483ca89c81302b1117ada9a6077f32030
• Opcode Fuzzy Hash: f873249776e219231aabc8b0f7cec2577670d4787071039f22869b36004e9c1f
• Instruction Fuzzy Hash: EBB1B9716083069BC710EF38C890A7BB7E5FFA6724F50591AF696C7291E730D944CB62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,0091CC08), ref: 009040BB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 009040CD
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0091CC08), ref: 009040F2
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,0091CC08), ref: 0090413E
                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028,?,0091CC08), ref: 009041A8
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000009), ref: 00904262
                                                                                                                                                                                                                                                  • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 009042C8
                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 009042F2
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                  • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                  • Opcode ID: e5e0d6ad6a12cc76c1abebee03f64c6b9b0808768ba0d195abb964b98a129203
                                                                                                                                                                                                                                                  • Instruction ID: 1c831eca54f2d4ee4a5d0a02d62247438e617ad0048845a5d0ad5dd77aa93d64
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5e0d6ad6a12cc76c1abebee03f64c6b9b0808768ba0d195abb964b98a129203
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85122FB5A00119EFDB14DF54C884EAEB7B9FF45314F248498FA05AB2A1D731ED46CBA0
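The LoadLibraryA/GetProcAddress pair in the listing above is the standard run-time import pattern: the module is loaded by name and the symbol (here GetModuleHandleExW) is looked up by string rather than appearing in the PE import table, so a static import scan will not show it. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample; it parses lines in the plugin's `Api.MODULE(args), ref: address` shape into records and extracts the names resolved that way. The line shape and the sample listing are taken from the block above; the record layout, the rule that the most recent LoadLibrary argument is the library for a following GetProcAddress, and the treatment of `?` and bare 8-hex-digit arguments as unrecovered constants are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the "APIs" listing of the function whose first call
# site is 009040BB, copied from the report block above. Line shapes seen in
# the listing:
#   • Api.MODULE(arg,arg,...), ref: <hex address>
#   • Part of subcall function <hex>: Api.MODULE(...), ref: <hex>
#   • Api.MODULE ref: <hex>            (no argument list recovered)
# A "?" argument is a value the plugin could not recover statically.
SAMPLE_APIS = """\
• LoadLibraryA.KERNEL32(kernel32.dll,?,0091CC08), ref: 009040BB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 009040CD
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0091CC08), ref: 009040F2
• FreeLibrary.KERNEL32(00000000,?,0091CC08), ref: 0090413E
• StringFromGUID2.OLE32(?,?,00000028,?,0091CC08), ref: 009041A8
• SysFreeString.OLEAUT32(00000009), ref: 00904262
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 009042C8
• SysFreeString.OLEAUT32(?), ref: 009042F2
"""

LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"      # _wcslen.LIBCMT / GetDesktopWindow.USER32 carry no arg list
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Assumption: an unrecovered constant is printed as exactly eight hex digits.
HEX_CONST_RE = re.compile(r"[0-9A-Fa-f]{8}")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                      # address of the call site
    subcall_of: Optional[int]     # callee address for "Part of subcall" lines, else None


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn an "APIs" listing into ApiCall records, preserving listing order."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised API line: {line!r}")
        args = m["args"].split(",") if m["args"] is not None else []
        calls.append(ApiCall(
            api=m["api"],
            module=m["mod"],
            args=args,
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return calls


def runtime_resolved_imports(calls: List[ApiCall]) -> List[Tuple[Optional[str], str]]:
    """Return (library, symbol) pairs resolved through LoadLibrary*/GetProcAddress.

    Walks the listing in order: the most recent LoadLibrary*/GetModuleHandleA/W
    name argument is taken as the library of any following GetProcAddress.
    Symbols the plugin could not recover ("?" or a bare hex constant) are
    skipped, so the result is a lower bound on what the function resolves.
    Sub-call lines are ignored because they belong to the callee.
    """
    found: List[Tuple[Optional[str], str]] = []
    current_lib: Optional[str] = None
    for c in calls:
        if c.subcall_of is not None:
            continue
        if c.api.startswith("LoadLibrary") or c.api in ("GetModuleHandleA", "GetModuleHandleW"):
            lib = c.args[0] if c.args else "?"
            current_lib = None if (lib == "?" or HEX_CONST_RE.fullmatch(lib)) else lib
        elif c.api == "GetProcAddress" and len(c.args) >= 2:
            sym = c.args[1]
            if sym != "?" and not HEX_CONST_RE.fullmatch(sym):
                found.append((current_lib, sym))
    return found


if __name__ == "__main__":
    for lib, sym in runtime_resolved_imports(parse_api_lines(SAMPLE_APIS)):
        print(f"runtime-resolved import: {lib or '<unknown module>'}!{sym}")
```

Feed each function's "APIs" block to the parser separately; a single listing is only a per-function view, and the library/symbol pairs should be read as a floor, since anything the plugin printed as `?` is dropped rather than guessed.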
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(00951990), ref: 008C2F8D
                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(00951990), ref: 008C303D
                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 008C3081
                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 008C308A
                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(00951990,00000000,?,00000000,00000000,00000000), ref: 008C309D
                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008C30A9
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 0deae1438a48011b0496c6871a3994237ac7824d39a073a6b90f14a6991e0d52
                                                                                                                                                                                                                                                  • Instruction ID: 13a0650e79e2aed2ccb42327deafa337bbddb2f4da6e57811d080e82cacf5ecc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0deae1438a48011b0496c6871a3994237ac7824d39a073a6b90f14a6991e0d52
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84711771644209BEEB219F29DC49FAABF75FF01764F20421AF524EA1E0C7B1E910DB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 00916DEB
                                                                                                                                                                                                                                                    • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00916E5F
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00916E81
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00916E94
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00916EB5
                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00880000,00000000), ref: 00916EE4
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00916EFD
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00916F16
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00916F1D
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00916F35
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00916F4D
                                                                                                                                                                                                                                                    • Part of subcall function 00899944: GetWindowLongW.USER32(?,000000EB), ref: 00899952
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                  • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                  • Opcode ID: 25dc7cb58c7330f0ffc597f08e32a29ee1c183c2465f12230ffdd59e0f4a3a70
                                                                                                                                                                                                                                                  • Instruction ID: 98f272b6b6e7a12d61641dd4ca543fb17061f2a6e872a1a11c0435ade4cdcdbc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25dc7cb58c7330f0ffc597f08e32a29ee1c183c2465f12230ffdd59e0f4a3a70
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84718AB0644349AFDB21CF18DC58FAABBE9FB88304F04451DF99987261C770E946DB11
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
                                                                                                                                                                                                                                                  • DragQueryPoint.SHELL32(?,?), ref: 00919147
                                                                                                                                                                                                                                                    • Part of subcall function 00917674: ClientToScreen.USER32(?,?), ref: 0091769A
                                                                                                                                                                                                                                                    • Part of subcall function 00917674: GetWindowRect.USER32(?,?), ref: 00917710
                                                                                                                                                                                                                                                    • Part of subcall function 00917674: PtInRect.USER32(?,?,00918B89), ref: 00917720
• SendMessageW.USER32(?,000000B0,?,?), ref: 009191B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009191BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009191DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00919225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0091923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00919255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00919277
• DragFinish.SHELL32(?), ref: 0091927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00919371
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 17ab193be30a3a81939528f49d91cf708791e962db6ce4e4fd1a699d456ba2e6
• Instruction ID: c35d575db3d75c85ff4de02e3ee3faa73ad88161e975148fa4e3e19f77003344
• Opcode Fuzzy Hash: 17ab193be30a3a81939528f49d91cf708791e962db6ce4e4fd1a699d456ba2e6
• Instruction Fuzzy Hash: 0F618B71208305AFD701EF64DC95EAFBBE8FF89750F00092EF5A5921A0DB309A49CB52
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 008FC4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 008FC4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 008FC4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 008FC4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 008FC533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 008FC549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008FC554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 008FC584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 008FC5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 008FC5F0
• InternetCloseHandle.WININET(00000000), ref: 008FC5FB
Strings
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 0b310d6a00d04abed81cc243b509cc6eb4aa7c298ab973238545ab5f4d7407ee
• Instruction ID: 2acc107d6cd43a378f4239b333c54aaa42d15b19741dea6ff9b50514e474c6f5
• Opcode Fuzzy Hash: 0b310d6a00d04abed81cc243b509cc6eb4aa7c298ab973238545ab5f4d7407ee
• Instruction Fuzzy Hash: 21513AB164460DBFDB218F74CA88ABB7BBCFB08754F008419FA45D6250DB74EA44EB60
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00918592
• GetFileSize.KERNEL32(00000000,00000000), ref: 009185A2
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 009185AD
• CloseHandle.KERNEL32(00000000), ref: 009185BA
• GlobalLock.KERNEL32(00000000), ref: 009185C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 009185D7
• GlobalUnlock.KERNEL32(00000000), ref: 009185E0
• CloseHandle.KERNEL32(00000000), ref: 009185E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 009185F8
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0091FC38,?), ref: 00918611
• GlobalFree.KERNEL32(00000000), ref: 00918621
• GetObjectW.GDI32(?,00000018,000000FF), ref: 00918641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00918671
• DeleteObject.GDI32(00000000), ref: 00918699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009186AF
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: b040e3c9b2692096bfa12f8156b4a850213075b0c67b62ebbbd0f6bb1de13971
• Instruction ID: 06efb53a48bd96c642907bb0f710df15bbff27e06247742e828c54f759c846c8
• Opcode Fuzzy Hash: b040e3c9b2692096bfa12f8156b4a850213075b0c67b62ebbbd0f6bb1de13971
• Instruction Fuzzy Hash: 704136B1744208AFDB118FA5CC88EAB7BBDEB89B51F108058F915E7260DB309941EB20
APIs
• VariantInit.OLEAUT32(00000000), ref: 008F1502
• VariantCopy.OLEAUT32(?,?), ref: 008F150B
• VariantClear.OLEAUT32(?), ref: 008F1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008F15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 008F1657
• VariantInit.OLEAUT32(?), ref: 008F1708
• SysFreeString.OLEAUT32(?), ref: 008F178C
• VariantClear.OLEAUT32(?), ref: 008F17D8
• VariantClear.OLEAUT32(?), ref: 008F17E7
• VariantInit.OLEAUT32(00000000), ref: 008F1823
Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                  • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                  • Opcode ID: 3f292ac8adf3eb256b86669b4b2ed8f64ab68b911b52db969881fd109da08ea6
                                                                                                                                                                                                                                                  • Instruction ID: 04e53a37537815baa663c9924ffeeeb90934c6bbf4d693ac294b004ca55806a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f292ac8adf3eb256b86669b4b2ed8f64ab68b911b52db969881fd109da08ea6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60D1DE71A0411DDBDF04AF79D888AB9B7B6FF48704F148056E646EB591DB30EC40DBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                    • Part of subcall function 0090C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0090B6AE,?,?), ref: 0090C9B5
                                                                                                                                                                                                                                                    • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090C9F1
                                                                                                                                                                                                                                                    • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA68
                                                                                                                                                                                                                                                    • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA9E
                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090B6F4
                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0090B772
                                                                                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(?,?), ref: 0090B80A
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0090B87E
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 0090B89C
                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0090B8F2
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0090B904
                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 0090B922
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 0090B983
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 0090B994
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                  • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                  • Opcode ID: 2648d897019f6ccfb8c0301ce7b574bf36f84278180189c608f9c9b019d6bcad
                                                                                                                                                                                                                                                  • Instruction ID: e88b56bef57a0662ed542eecca414400ea28a7ee1ee279acad5379d01a275a61
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2648d897019f6ccfb8c0301ce7b574bf36f84278180189c608f9c9b019d6bcad
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9C18C31208201AFD714DF18C494F2ABBE5FF84318F14855CE5AA8B6A2CB75ED45CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 009025D8
                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009025E8
                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 009025F4
                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00902601
                                                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0090266D
                                                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009026AC
                                                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009026D0
                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 009026D8
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 009026E1
                                                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 009026E8
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 009026F3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                  • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                  • Opcode ID: dd73e96979e2b2c45b637691a51191ca2dbdad0600b834669022b6818548fe64
                                                                                                                                                                                                                                                  • Instruction ID: 67a92bc8343359dc2f700488c27d27521bd9db9328b3a13bbd8ca023d3be9fe7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd73e96979e2b2c45b637691a51191ca2dbdad0600b834669022b6818548fe64
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E961F4B5E04219EFCF04CFA8D884AAEBBF5FF48310F24852AE955A7250D771A941DF50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 008BDAA1
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD659
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD66B
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD67D
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD68F
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD6A1
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD6B3
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD6C5
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD6D7
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD6E9
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD6FB
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD70D
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD71F
                                                                                                                                                                                                                                                    • Part of subcall function 008BD63C: _free.LIBCMT ref: 008BD731
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDA96
                                                                                                                                                                                                                                                    • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
                                                                                                                                                                                                                                                    • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDAB8
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDACD
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDAD8
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDAFA
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB0D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB1B
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB26
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB5E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB65
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB82
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008BDB9A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                                                  • Opcode ID: 3c7b9a7111da753cabaad66ca859c32d0d99fe00c2cb7c0590ce51ce036f91da
                                                                                                                                                                                                                                                  • Instruction ID: 679876610363265a5d2ea64d818cef61176d1e2f7c4714e98fe648019951a951
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c7b9a7111da753cabaad66ca859c32d0d99fe00c2cb7c0590ce51ce036f91da
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0312C71644705BFEB21AA39E845FDABBE9FF10320F154819E449D7392EE31AC448725
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 008E369C
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008E36A7
                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 008E3797
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 008E380C
                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 008E385D
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 008E3882
                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 008E38A0
                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000), ref: 008E38A7
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 008E3921
                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 008E395D
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                  • String ID: %s%u
                                                                                                                                                                                                                                                  • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                  • Opcode ID: c07eac72828ee507568d8224d84107d97fde58430c39a29cd7b04ba4643bd07c
                                                                                                                                                                                                                                                  • Instruction ID: 5a2673dedc5a297b2d058a6e73716a680fa48e7a00d0a4aa59d85be6f28b1131
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c07eac72828ee507568d8224d84107d97fde58430c39a29cd7b04ba4643bd07c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F591D171204746AFD718EF26C889BEAB7A8FF46350F008529F999D3191DB30EE45CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 008E4994
                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 008E49DA
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008E49EB
                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 008E49F7
                                                                                                                                                                                                                                                  • _wcsstr.LIBVCRUNTIME ref: 008E4A2C
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 008E4A64
                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 008E4A9D
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 008E4AE6
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 008E4B20
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 008E4B8B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                  • String ID: ThumbnailClass
                                                                                                                                                                                                                                                  • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                  • Opcode ID: 814daae21ab2e000f8b4d5dd0b66f1711f8a6a863d6cefa0094063e9ccd2b0b9
                                                                                                                                                                                                                                                  • Instruction ID: 80cc8fd69cd95944f20b86400f7e5fa81ade602913cd5b06c3ed0dbd37f5193d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 814daae21ab2e000f8b4d5dd0b66f1711f8a6a863d6cefa0094063e9ccd2b0b9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B91EE711082469FDB04DF56C884FAA77E8FF86324F049469FD89DA096DB30ED45CBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(00951990,000000FF,00000000,00000030), ref: 008EBFAC
                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(00951990,00000004,00000000,00000030), ref: 008EBFE1
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000001F4), ref: 008EBFF3
                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 008EC039
                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 008EC056
                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,-00000001), ref: 008EC082
                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 008EC0C9
                                                                                                                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 008EC10F
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008EC124
                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008EC145
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 150e881c1fe9a93c4bd307e2c5ff62ff57b9846d6e906594e5b00ced2e24b0bf
                                                                                                                                                                                                                                                  • Instruction ID: c3c0bcdb115475e966d838c59987ad29ce011681aac12761c171459bec323724
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 150e881c1fe9a93c4bd307e2c5ff62ff57b9846d6e906594e5b00ced2e24b0bf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87616CB0A1428AAFDB11CF69DD88AEEBBA9FB06344F104055F811E3291C731AD06DB61
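Added example, not code from the Joe Sandbox report or from Joe Security: a small Python parser that reads "APIs" records in the format used above and tags each function with the capability its API set implies. The record text embedded in the script is copied from this page; the CAPABILITIES rule set, the pairing of LoadLibraryA with GetProcAddress arguments, and the recursion heuristic are assumptions made for the example. The heuristic makes one point about the registry record that follows explicit: the calls listed as "Part of subcall function 0090CC34" have call sites (0090CCAA to 0090CD28) inside the address range of the record's own calls (0090CC64 to 0090CD48), which is consistent with the function calling itself, the usual shape of a recursive RegEnumKeyExW/RegDeleteKeyW subkey delete that resolves RegDeleteKeyExW from advapi32.dll at run time and falls back to RegDeleteKeyW.

```python
"""Turn Joe Sandbox "APIs" function records into capability tags.

Added example: not code from the Joe Sandbox report or from Joe Security. The
lines in SAMPLE_REPORT are copied from this page; the parser, the CAPABILITIES
rule set and the recursion heuristic are assumptions made for the example.
"""
import re
from collections import namedtuple

# Constructed input: bullet lines copied from three of the function records on this page.
SAMPLE_REPORT = """\
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 008E4994
• GetWindowTextW.USER32(?,?,00000400), ref: 008E49DA
• _wcslen.LIBCMT ref: 008E49EB
• CharUpperBuffW.USER32(?,00000000), ref: 008E49F7
Similarity
• String ID: ThumbnailClass
APIs
• GetMenuItemInfoW.USER32(00951990,000000FF,00000000,00000030), ref: 008EBFAC
• SetMenuItemInfoW.USER32(00951990,00000004,00000000,00000030), ref: 008EBFE1
• Sleep.KERNEL32(000001F4), ref: 008EBFF3
Similarity
• String ID: 0
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0090CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0090CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0090CD48
  • Part of subcall function 0090CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0090CCBD
  • Part of subcall function 0090CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0090CCCF
  • Part of subcall function 0090CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0090CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0090CCF3
Strings
"""

# One "• Api.MODULE(args), ref: ADDR" line, optionally prefixed with the subcall note.
CALL_RE = re.compile(
    r"^\s*•\s+(?:Part of subcall function (?P<sub>[0-9A-F]+):\s+)?"
    r"(?P<api>[\w$]+)\.(?P<mod>[A-Z0-9_]+)(?:\((?P<args>.*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)\s*$"
)
META_RE = re.compile(r"^\s*•\s+(?P<key>API ID|String ID|Instruction Fuzzy Hash):\s*(?P<val>.*?)\s*$")

Call = namedtuple("Call", "api module args ref subcall_of")  # subcall_of is None for direct calls


class Record:
    def __init__(self):
        self.calls, self.meta = [], {}

    @property
    def apis(self):
        return {c.api for c in self.calls}


def parse_records(text):
    """Split the report text at each 'APIs' header; collect call lines and metadata."""
    records = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            records.append(Record())
        elif records and (m := CALL_RE.match(line)):
            args = m.group("args").split(",") if m.group("args") else []
            sub = int(m.group("sub"), 16) if m.group("sub") else None
            records[-1].calls.append(Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16), sub))
        elif records and (m := META_RE.match(line)):
            records[-1].meta[m.group("key")] = m.group("val")
    return records


# Assumed rule set: every API in the set must appear in the record to earn the tag.
CAPABILITIES = {
    "window text harvesting": {"GetClassNameW", "GetWindowTextW"},
    "menu manipulation": {"GetMenuItemInfoW", "SetMenuItemInfoW"},
    "recursive registry key deletion": {"RegEnumKeyExW", "RegDeleteKeyW"},
    "dynamic import resolution": {"LoadLibraryA", "GetProcAddress"},
}


def tag_capabilities(rec):
    return sorted(name for name, needed in CAPABILITIES.items() if needed <= rec.apis)


def resolved_imports(rec):
    """(dll, export) pairs where GetProcAddress names its export as a literal string."""
    pairs, dll = [], None
    for c in sorted(rec.calls, key=lambda c: c.ref):
        if c.api == "LoadLibraryA" and c.args and c.args[0] != "?":
            dll = c.args[0]
        elif c.api == "GetProcAddress" and len(c.args) > 1 and not re.fullmatch(r"[0-9A-F?]+", c.args[1]):
            pairs.append((dll, c.args[1]))
    return pairs


def looks_recursive(rec):
    """Heuristic: a 'subcall' whose call sites sit between the record's own call sites
    is most likely the record's function calling itself."""
    direct = [c.ref for c in rec.calls if c.subcall_of is None]
    if not direct:
        return False
    lo, hi = min(direct), max(direct)
    return any(lo <= c.ref <= hi for c in rec.calls if c.subcall_of is not None)


if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE_REPORT), 1):
        print(f"record {i}: string={rec.meta.get('String ID', '-')!r} caps={tag_capabilities(rec)} "
              f"imports={resolved_imports(rec)} self_recursive={looks_recursive(rec)}")
```

Run it directly to print one summary line per record; the rule set grows by adding further API sets to CAPABILITIES. One caveat when reading the output: a tag means the function is present in the binary, not that it executed during the analysis run, so a statically listed capability is a lead for the dynamic evidence elsewhere in the report rather than proof of behaviour on its own.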
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0090CC64
                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0090CC8D
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0090CD48
                                                                                                                                                                                                                                                    • Part of subcall function 0090CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0090CCAA
                                                                                                                                                                                                                                                    • Part of subcall function 0090CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0090CCBD
                                                                                                                                                                                                                                                    • Part of subcall function 0090CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0090CCCF
                                                                                                                                                                                                                                                    • Part of subcall function 0090CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0090CD05
                                                                                                                                                                                                                                                    • Part of subcall function 0090CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0090CD28
                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 0090CCF3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                  • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                  • Opcode ID: 337127ed5e4d067ae9bc1252a68191fb25787b7851e9d9efc03930fc7c3c949e
                                                                                                                                                                                                                                                  • Instruction ID: e48131fe300328eee3bce47af7d8c4c23913f939a9d1ce399bec2796aa59f11d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 337127ed5e4d067ae9bc1252a68191fb25787b7851e9d9efc03930fc7c3c949e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C3161B1A45129BFDB208B94DC88EFFBB7CEF45750F004665B906E2290D7349E45EAA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 008F3D40
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008F3D6D
                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 008F3D9D
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 008F3DBE
                                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 008F3DCE
                                                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 008F3E55
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008F3E60
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008F3E6B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                  • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                  • Opcode ID: 620e097da3d35034ac0449f94d94e07ddd8fe7d8b6b97978cfdd9b217c378cbc
                                                                                                                                                                                                                                                  • Instruction ID: 50501bd0e42dde45b7e1942ff165ce6f9a927b5fb5d579c028a71f350b128fbe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 620e097da3d35034ac0449f94d94e07ddd8fe7d8b6b97978cfdd9b217c378cbc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A31AFB2A54219ABDB21ABA4DC49FEF37BDFF89740F1040A5F619D6060EB709744CB24
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • timeGetTime.WINMM ref: 008EE6B4
                                                                                                                                                                                                                                                    • Part of subcall function 0089E551: timeGetTime.WINMM(?,?,008EE6D4), ref: 0089E555
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 008EE6E1
                                                                                                                                                                                                                                                  • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 008EE705
                                                                                                                                                                                                                                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 008EE727
                                                                                                                                                                                                                                                  • SetActiveWindow.USER32 ref: 008EE746
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 008EE754
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 008EE773
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000000FA), ref: 008EE77E
                                                                                                                                                                                                                                                  • IsWindow.USER32 ref: 008EE78A
                                                                                                                                                                                                                                                  • EndDialog.USER32(00000000), ref: 008EE79B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                  • String ID: BUTTON
                                                                                                                                                                                                                                                  • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                  • Opcode ID: c7eb7390ab60e7d7f1e1fc8e0f5c8438b99db82e562bce93474dd7e3bc2e9f54
                                                                                                                                                                                                                                                  • Instruction ID: b4c69ac434c183c497a4e4d6c9ba4699950539782f56dd0ca62c3a1b597c05c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7eb7390ab60e7d7f1e1fc8e0f5c8438b99db82e562bce93474dd7e3bc2e9f54
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 192181B036C785AFEB105F26EC89B693B69F75634AF104425F415C21B1DB71AC00EB25
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008EEA5D
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008EEA73
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008EEA84
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 008EEA96
                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 008EEAA7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                  • API String ID: 2420728520-1007645807
APIs
• GetKeyboardState.USER32(?), ref: 008EA012
• SetKeyboardState.USER32(?), ref: 008EA07D
• GetAsyncKeyState.USER32(000000A0), ref: 008EA09D
• GetKeyState.USER32(000000A0), ref: 008EA0B4
• GetAsyncKeyState.USER32(000000A1), ref: 008EA0E3
• GetKeyState.USER32(000000A1), ref: 008EA0F4
• GetAsyncKeyState.USER32(00000011), ref: 008EA120
• GetKeyState.USER32(00000011), ref: 008EA12E
• GetAsyncKeyState.USER32(00000012), ref: 008EA157
• GetKeyState.USER32(00000012), ref: 008EA165
• GetAsyncKeyState.USER32(0000005B), ref: 008EA18E
• GetKeyState.USER32(0000005B), ref: 008EA19C
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
• GetDlgItem.USER32(?,00000001), ref: 008E5CE2
• GetWindowRect.USER32(00000000,?), ref: 008E5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 008E5D59
• GetDlgItem.USER32(?,00000002), ref: 008E5D69
• GetWindowRect.USER32(00000000,?), ref: 008E5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 008E5DCF
• GetDlgItem.USER32(?,000003E9), ref: 008E5DDD
• GetWindowRect.USER32(00000000,?), ref: 008E5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 008E5E31
• GetDlgItem.USER32(?,000003EA), ref: 008E5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 008E5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 008E5E67
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
APIs
• Part of subcall function 00898F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00898BE8,?,00000000,?,?,?,?,00898BBA,00000000,?), ref: 00898FC5
• DestroyWindow.USER32(?), ref: 00898C81
• KillTimer.USER32(00000000,?,?,?,?,00898BBA,00000000,?), ref: 00898D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 008D6973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00898BBA,00000000,?), ref: 008D69A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00898BBA,00000000,?), ref: 008D69B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00898BBA,00000000), ref: 008D69D4
• DeleteObject.GDI32(00000000), ref: 008D69E6
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
APIs
• Part of subcall function 00899944: GetWindowLongW.USER32(?,000000EB), ref: 00899952
• GetSysColor.USER32(0000000F), ref: 00899862
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
                                                                                                                                                                                                                                                  • Opcode ID: 9b897d9e00853d7113078bce80a2274224dcf688230ca7767a9a7e837c886f04
                                                                                                                                                                                                                                                  • Instruction ID: 1937afdbb3c5c4b1ba454f3444782ea712dfbbe077d1469f573415367a4c612b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b897d9e00853d7113078bce80a2274224dcf688230ca7767a9a7e837c886f04
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D418E71248644AEDF216F3C9C84BB93B65FB06321F18465DF9E2D62E1E7319841EB11
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,008CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 008E9717
                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,008CF7F8,00000001), ref: 008E9720
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,008CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 008E9742
                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,008CF7F8,00000001), ref: 008E9745
                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 008E9866
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                  • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                  • Opcode ID: 0000ca38fcf038177a645859c3f9e384ac50b24ece5ff5dd341e0de6c4b4e310
                                                                                                                                                                                                                                                  • Instruction ID: 0b239099834212698a0bedbdf34eff0d881cf1ceb732891f22e7cff7c3b390fe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0000ca38fcf038177a645859c3f9e384ac50b24ece5ff5dd341e0de6c4b4e310
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9416B72904219AACF04FBE8DD86DEE7778FF56740F140025F201B2092EA756F48CB62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
                                                                                                                                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008E07A2
                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008E07BE
                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008E07DA
                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 008E0804
                                                                                                                                                                                                                                                  • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 008E082C
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008E0837
                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008E083C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                  • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                  • Opcode ID: 842a480d94b72d2c4bc195bca09fc92e9bd199ae34cc68c6eeb9b328cf9c898a
                                                                                                                                                                                                                                                  • Instruction ID: 355aec2ebb88123a00a81df870648e75bc2ab7c10defd68ec551040de7e5fbd9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 842a480d94b72d2c4bc195bca09fc92e9bd199ae34cc68c6eeb9b328cf9c898a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A413A72C10229ABDF15EBA4DC85CEDB778FF08350F054129E911A31A1EB709E44CF91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0091403B
                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00914042
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00914055
                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0091405D
                                                                                                                                                                                                                                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 00914068
                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00914072
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 0091407C
                                                                                                                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00914092
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0091409E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                  • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                  • Opcode ID: 65c54a6ac04c84635f4e2ec69dca7aab7beb726f499c5cdcaed57ef795fffdf1
                                                                                                                                                                                                                                                  • Instruction ID: 82933501e67733bf92fe4b7e689d7a6ec09232be87d2512d2654dc32e6bb769a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65c54a6ac04c84635f4e2ec69dca7aab7beb726f499c5cdcaed57ef795fffdf1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93318E72654219BBDF229FA4CC08FDA3B69FF0D364F114210FA18E61A0C775D860EB50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00903C5C
                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00903C8A
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00903C94
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00903D2D
                                                                                                                                                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 00903DB1
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 00903ED5
                                                                                                                                                                                                                                                  • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00903F0E
                                                                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000000,0091FB98,?), ref: 00903F2D
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00903F40
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00903FC4
                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00903FD8
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: 034a856722984b3079a5f7d23ccb2b4279b8aa558d38ca44b7d4d7ca3efeaa3d
• Instruction ID: e4abca37857fe76834ea6d23c4fc1ba0ef83148f690be9c8e6f3915e797d3acf
• Opcode Fuzzy Hash: 034a856722984b3079a5f7d23ccb2b4279b8aa558d38ca44b7d4d7ca3efeaa3d
• Instruction Fuzzy Hash: D9C123B16082059FD700DF68C88496BBBE9FF89744F14891DF98ADB290D731EE05CB52
APIs
• CoInitialize.OLE32(00000000), ref: 008F7AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 008F7B8F
• SHGetDesktopFolder.SHELL32(?), ref: 008F7BA3
• CoCreateInstance.OLE32(0091FD08,00000000,00000001,00946E6C,?), ref: 008F7BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 008F7C74
• CoTaskMemFree.OLE32(?,?), ref: 008F7CCC
• SHBrowseForFolderW.SHELL32(?), ref: 008F7D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 008F7D7A
• CoTaskMemFree.OLE32(00000000), ref: 008F7D81
• CoTaskMemFree.OLE32(00000000), ref: 008F7DD6
• CoUninitialize.OLE32 ref: 008F7DDC
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 856ea73fa932ab99916b8a8415a32da98fa508618ef194888e4e4a93d56c34d3
• Instruction ID: a748b13d6aeed02e8ffc543aaa9cf8db1096004b13bcb5da931cf3eaf42e29c6
• Opcode Fuzzy Hash: 856ea73fa932ab99916b8a8415a32da98fa508618ef194888e4e4a93d56c34d3
• Instruction Fuzzy Hash: ADC11B75A04109AFDB14DFA8C884DAEBBF9FF48314B148499E919DB361D730EE45CB90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00915504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00915515
• CharNextW.USER32(00000158), ref: 00915544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00915585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0091559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009155AC
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: ab424eb06ab5b3f5fb1650b317b816bdeab1926aa0b599eccbfc0207ebcf12c3
• Instruction ID: 6b4aad1f044ec730aba7b41aa493c753341e80670b9e7b134e0f9db71309f041
• Opcode Fuzzy Hash: ab424eb06ab5b3f5fb1650b317b816bdeab1926aa0b599eccbfc0207ebcf12c3
• Instruction Fuzzy Hash: 7A61B170B0460DEFDF108F55CC84AFE7BB9EB89360F528545F525A62A0D7748AC0DB61
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 008DFAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 008DFB08
• VariantInit.OLEAUT32(?), ref: 008DFB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 008DFB3A
• VariantCopy.OLEAUT32(?,?), ref: 008DFB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 008DFBA1
• VariantClear.OLEAUT32(?), ref: 008DFBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 008DFBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008DFBCC
• VariantClear.OLEAUT32(?), ref: 008DFBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008DFBE9
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 67e374b3ae18194f9fd77b8f0044e8d5e628abb88ad23f37d4db530ca124ba59
• Instruction ID: 77bf5a954be407dc385ed49ff952e30ba05723efcf303b0289a5a334c9a14749
• Opcode Fuzzy Hash: 67e374b3ae18194f9fd77b8f0044e8d5e628abb88ad23f37d4db530ca124ba59
• Instruction Fuzzy Hash: A5415275A04219AFDB00DF68D8549EDBBB9FF08354F00816AE946E7361CB30A945DF91
APIs
• GetKeyboardState.USER32(?), ref: 008E9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 008E9D22
• GetKeyState.USER32(000000A0), ref: 008E9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 008E9D57
• GetKeyState.USER32(000000A1), ref: 008E9D6C
• GetAsyncKeyState.USER32(00000011), ref: 008E9D84
• GetKeyState.USER32(00000011), ref: 008E9D96
• GetAsyncKeyState.USER32(00000012), ref: 008E9DAE
• GetKeyState.USER32(00000012), ref: 008E9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 008E9DD8
• GetKeyState.USER32(0000005B), ref: 008E9DEA
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                                                                                                                  • Opcode ID: 78ce97c6894d074268003889a85e6fe107b873f452faad2f518254770b49fee2
                                                                                                                                                                                                                                                  • Instruction ID: 8a97093899e5a2f557fb1d8ad318c4772e856e3b71af665ed46263556c2eb36f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78ce97c6894d074268003889a85e6fe107b873f452faad2f518254770b49fee2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1641D8746087DA6DFF30966688043F5BEA1FF13344F04805ADAC6D66C2DBE499C8C792
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • WSAStartup.WSOCK32(00000101,?), ref: 009005BC
                                                                                                                                                                                                                                                  • inet_addr.WSOCK32(?), ref: 0090061C
                                                                                                                                                                                                                                                  • gethostbyname.WSOCK32(?), ref: 00900628
                                                                                                                                                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00900636
                                                                                                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009006C6
                                                                                                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009006E5
                                                                                                                                                                                                                                                  • IcmpCloseHandle.IPHLPAPI(?), ref: 009007B9
                                                                                                                                                                                                                                                  • WSACleanup.WSOCK32 ref: 009007BF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                  • String ID: Ping
                                                                                                                                                                                                                                                  • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                  • Opcode ID: ab5ad2d350beca67e32b57f084ba719cc8d9ce5191a9b7c5254a85742df23cf4
                                                                                                                                                                                                                                                  • Instruction ID: 6889d271c61cac902fa9b7bb747e571e419061e093cf3b58a9666472f780ec58
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab5ad2d350beca67e32b57f084ba719cc8d9ce5191a9b7c5254a85742df23cf4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA919C756082019FD720DF19C888F1ABBE5EF85318F1485A9F469CB6A2C734ED41CF92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                  • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                  • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                  • Opcode ID: e90fdadc690d3d8522e8107db12db2ba7e26cc6b74d129449e5ea4214b8d020c
                                                                                                                                                                                                                                                  • Instruction ID: c731d1378ba486d69c4d334ce7213fde2ee7f5da686464324c4df200772787d1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e90fdadc690d3d8522e8107db12db2ba7e26cc6b74d129449e5ea4214b8d020c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9519E32A005169ECF24EF6CC9409BFB7AABF65724B254629E4A6E72C0DB30DD40C791
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoInitialize.OLE32 ref: 00903774
                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 0090377F
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000017,0091FB78,?), ref: 009037D9
                                                                                                                                                                                                                                                  • IIDFromString.OLE32(?,?), ref: 0090384C
                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 009038E4
                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00903936
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                  • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                  • Opcode ID: c435b2f2fded819d28a348210c7052d060051eb2950298ee547e3c00adaae369
                                                                                                                                                                                                                                                  • Instruction ID: 56498e29ce1a667df6d40c47cac5c470a7059a703177730a2d54f2393d65918c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c435b2f2fded819d28a348210c7052d060051eb2950298ee547e3c00adaae369
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1619FB0608301AFD310DF64C889F6AB7E8FF89714F148949F9959B291D770EE48CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008F33CF
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008F33F0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008F53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 008F5416
• GetLastError.KERNEL32 ref: 008F5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 008F54A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
APIs
• CreateMenu.USER32 ref: 00913C79
• SetMenu.USER32(?,00000000), ref: 00913C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00913D10
• IsMenu.USER32(?), ref: 00913D24
• CreatePopupMenu.USER32 ref: 00913D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00913D5B
• DrawMenuBar.USER32 ref: 00913D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 008E1F64
• GetDlgCtrlID.USER32 ref: 008E1F6F
• GetParent.USER32 ref: 008E1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 008E1F8E
• GetDlgCtrlID.USER32(?), ref: 008E1F97
• GetParent.USER32(?), ref: 008E1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 008E1FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 008E2043
• GetDlgCtrlID.USER32 ref: 008E204E
• GetParent.USER32 ref: 008E206A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 008E206D
• GetDlgCtrlID.USER32(?), ref: 008E2076
• GetParent.USER32(?), ref: 008E208A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 008E208D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00913A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00913AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00913AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00913AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00913B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00913BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00913BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00913BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00913BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00913C13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 008EB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB165
• GetWindowThreadProcessId.USER32(00000000), ref: 008EB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008EB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,008EA1E1,?,00000001), ref: 008EB21D
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
APIs
• _free.LIBCMT ref: 008B2C94
  • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
  • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
• _free.LIBCMT ref: 008B2CA0
• _free.LIBCMT ref: 008B2CAB
• _free.LIBCMT ref: 008B2CB6
• _free.LIBCMT ref: 008B2CC1
• _free.LIBCMT ref: 008B2CCC
• _free.LIBCMT ref: 008B2CD7
• _free.LIBCMT ref: 008B2CE2
• _free.LIBCMT ref: 008B2CED
• _free.LIBCMT ref: 008B2CFB
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: 7782dd5c82580a8bed776dbce9ece1505cec16cb73ae0098da5a05c5ae6c7c81
                                                                                                                                                                                                                                                  • Instruction ID: 85b8f11fa52c12336e2807cb1877395401715c35b398539a8f0add1f1a2ac2ff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7782dd5c82580a8bed776dbce9ece1505cec16cb73ae0098da5a05c5ae6c7c81
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0116376500108BFCB02EF58D982DDD3FA9FF09350F5149A5FA489B322DA31EA549B91

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 008F7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 008F7FC1
• GetFileAttributesW.KERNEL32(?), ref: 008F7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 008F8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 008F8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 008F8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008F80B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 2cf42e416e6d3c7c5e59c0e5e61b69b592a65e8fb3a611f7bd1f505e85d146a9
• Instruction ID: 7ccbdd119453a04372860d185963f359f1b5a0674204cf99b02cd8741b52f0de
• Opcode Fuzzy Hash: 2cf42e416e6d3c7c5e59c0e5e61b69b592a65e8fb3a611f7bd1f505e85d146a9
• Instruction Fuzzy Hash: 2981A0715082499BEB20EF28C8449BEB3E8FF89714F54486EFA85C7250EB74DD45CB52

APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00885C7A
  • Part of subcall function 00885D0A: GetClientRect.USER32(?,?), ref: 00885D30
  • Part of subcall function 00885D0A: GetWindowRect.USER32(?,?), ref: 00885D71
  • Part of subcall function 00885D0A: ScreenToClient.USER32(?,?), ref: 00885D99
• GetDC.USER32 ref: 008C46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008C4708
• SelectObject.GDI32(00000000,00000000), ref: 008C4716
• SelectObject.GDI32(00000000,00000000), ref: 008C472B
• ReleaseDC.USER32(?,00000000), ref: 008C4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008C47C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: e820d75cce9b82ae03217d4b662635c754a0c42c7472b92b3edbcc052eb83abd
• Instruction ID: 28a1ba7f4a50442e6b3a9b4e991f32512952aea60fffc8346030c3f5928999ae
• Opcode Fuzzy Hash: e820d75cce9b82ae03217d4b662635c754a0c42c7472b92b3edbcc052eb83abd
• Instruction Fuzzy Hash: C971DE30500209DFCF219F64C994FEA3BB2FF4A364F245269ED559A2AAC730C881EF50

APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008F35E4
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
• LoadStringW.USER32(00952390,?,00000FFF,?), ref: 008F360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 24e9499eff2cbe4f86f2e0d5491518e9a8148e4c3469a497300bfb30b5df1484
• Instruction ID: cf6d93c7bc8e7b27446ce3fea8fc130873b1438dd428fc373a46e7e1d7ce683c
• Opcode Fuzzy Hash: 24e9499eff2cbe4f86f2e0d5491518e9a8148e4c3469a497300bfb30b5df1484
• Instruction Fuzzy Hash: 33515D7190020AAADF14FBA4DC42EFEBB79FF15304F144125F205B21A1EB315B99DBA2

APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 008FC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008FC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 008FC2CA
• GetLastError.KERNEL32 ref: 008FC322
• SetEvent.KERNEL32(?), ref: 008FC336
• InternetCloseHandle.WININET(00000000), ref: 008FC341
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 92c061ef663faf2e9ebe365fdc75123e84dcb803ed993cc2c356f95571252591
• Instruction ID: 3df081a4aea1b67d5bd404e9cc825177db62ae735071cc9059b4b87dcfd60db3
• Opcode Fuzzy Hash: 92c061ef663faf2e9ebe365fdc75123e84dcb803ed993cc2c356f95571252591
• Instruction Fuzzy Hash: 66316BB164460CAFD7219FB48A88ABB7AFCFB49784B14851EF546D2240DB70DE04DB61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008C3AAF,?,?,Bad directive syntax error,0091CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008E98BC
                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,008C3AAF,?), ref: 008E98C3
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 008E9987
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                  • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                  • Opcode ID: 8b363128e1d08353a77a26578aa3dc49cc24973a5ad2165d62d4b0a3cff0039d
                                                                                                                                                                                                                                                  • Instruction ID: f11b5022ea7f442f6f90a754a1633129811ee53b97f2aaba43c797488220fbe2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b363128e1d08353a77a26578aa3dc49cc24973a5ad2165d62d4b0a3cff0039d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E218D7294021EABCF15BF94CC0AEEE7739FF19704F084469F515A20A2EB719A18DB52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetParent.USER32 ref: 008E20AB
                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 008E20C0
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008E214D
                                                                                                                                                                                                                                                  Strings
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: 3d8f85d2ed03b7850e4beb64709543c1924c240e00bcaa530e5f4592d9314590
• Instruction ID: 2f5c04c10b4c380bcbbd94135406085ceb952428dde7e6da70bfde5faf09302a
• Opcode Fuzzy Hash: 3d8f85d2ed03b7850e4beb64709543c1924c240e00bcaa530e5f4592d9314590
• Instruction Fuzzy Hash: 071106766C871BBAFB016225EC06DE6379CEB47328B210016FB04E50E2FAA1B9416615
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cb045a0ba201d2ee6427f9e78765929373c8d05eb0dc5adfe88cbb7beda38bac
• Instruction ID: c036d37d4a291333c2c4207b7ab5d02a445cbdeb9452773cff01cd517f37d65b
• Opcode Fuzzy Hash: cb045a0ba201d2ee6427f9e78765929373c8d05eb0dc5adfe88cbb7beda38bac
• Instruction Fuzzy Hash: ACC1BF74A04249EFDB11AFACD841BEDBBB4FF4A310F144199EA54E7392CB309942CB61
APIs
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: 398f9d06ebcae83766c8fd786388136e77945fc607562d2d2be775c4f2122bb6
• Instruction ID: df9b83d3a1e8758db7165cbfe8dd7202d24046b4b94ab2498bd1ec1b0e800714
• Opcode Fuzzy Hash: 398f9d06ebcae83766c8fd786388136e77945fc607562d2d2be775c4f2122bb6
• Instruction Fuzzy Hash: FC612571A08305AFDB21AFB89882AFE7BA5FF05320F0441ADF944D7382EB719D019751
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00915186
• ShowWindow.USER32(?,00000000), ref: 009151C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 009151CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 009151D1
  • Part of subcall function 00916FBA: DeleteObject.GDI32(00000000), ref: 00916FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0091520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0091521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0091524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00915287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00915296
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3210457359-0
                                                                                                                                                                                                                                                  • Opcode ID: 55c31e24978e06fd11a0ccc6ec8661bc154cfeb507fc17391f9c363d8b4f0e39
                                                                                                                                                                                                                                                  • Instruction ID: 38bd0b1a4603756b5e4bdf75d8a44764b5ce70bd94efa56af5ce454f978eb4c5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55c31e24978e06fd11a0ccc6ec8661bc154cfeb507fc17391f9c363d8b4f0e39
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36519E71BA8A0CFEEF219F28CC45BD83B69EB85361F168411F525962E0C7B599C0DB41
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 008D6890
                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008D68A9
                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008D68B9
                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008D68D1
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008D68F2
                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00898874,00000000,00000000,00000000,000000FF,00000000), ref: 008D6901
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 008D691E
                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00898874,00000000,00000000,00000000,000000FF,00000000), ref: 008D692D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1268354404-0
                                                                                                                                                                                                                                                  • Opcode ID: e7ad3d90d9713e23fbb5a2ceafb59ee1ed43c41c35cd97ff527b41a4645ccd5c
                                                                                                                                                                                                                                                  • Instruction ID: fac03f4d89618e9a2447bf50f7da5eedaea4efd7b469c24d7e59d916730e006f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7ad3d90d9713e23fbb5a2ceafb59ee1ed43c41c35cd97ff527b41a4645ccd5c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D518AB061020AEFDB20DF25CC55FAA7BB5FB44364F184619F952D72A0EB70E990EB40
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 008FC182
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008FC195
                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 008FC1A9
                                                                                                                                                                                                                                                    • Part of subcall function 008FC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 008FC272
                                                                                                                                                                                                                                                    • Part of subcall function 008FC253: GetLastError.KERNEL32 ref: 008FC322
                                                                                                                                                                                                                                                    • Part of subcall function 008FC253: SetEvent.KERNEL32(?), ref: 008FC336
                                                                                                                                                                                                                                                    • Part of subcall function 008FC253: InternetCloseHandle.WININET(00000000), ref: 008FC341
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 337547030-0
                                                                                                                                                                                                                                                  • Opcode ID: 0971cceb4f31f5c048f4a7b33ef39a6c62a89c9efd1e8fdc2f3181d822742cb8
                                                                                                                                                                                                                                                  • Instruction ID: f37fcc8a553737ec65c25b3ecc9e14d5402b544437127db37d8d2a2cfe350f60
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0971cceb4f31f5c048f4a7b33ef39a6c62a89c9efd1e8fdc2f3181d822742cb8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 303190B164460DAFDB219FB5DE44AB6BBF8FF18300B14841DFA56C2611DB31EA14EB60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008E3A57
                                                                                                                                                                                                                                                    • Part of subcall function 008E3A3D: GetCurrentThreadId.KERNEL32 ref: 008E3A5E
                                                                                                                                                                                                                                                    • Part of subcall function 008E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008E25B3), ref: 008E3A65
                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 008E25BD
                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008E25DB
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008E25DF
                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 008E25E9
                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008E2601
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 008E2605
                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 008E260F
                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008E2623
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 008E2627
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                                                                                                                                  • Opcode ID: bb53f3ff5fb517834191d4a606408aabc8989bf3c636c8763368e819f0643257
                                                                                                                                                                                                                                                  • Instruction ID: dc653eac3cac58e7ee50b1bf67b3e3e92af157b8ee984ee2029dc89cf5438497
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb53f3ff5fb517834191d4a606408aabc8989bf3c636c8763368e819f0643257
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D01B5703D8764BBFB1067699C8AF993E59EB4AB51F104011F318AF0D1C9E11444DA6A
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,008E1449,?,?,00000000), ref: 008E180C
                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,008E1449,?,?,00000000), ref: 008E1813
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008E1449,?,?,00000000), ref: 008E1828
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,008E1449,?,?,00000000), ref: 008E1830
                                                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,008E1449,?,?,00000000), ref: 008E1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008E1449,?,?,00000000), ref: 008E1843
• GetCurrentProcess.KERNEL32(008E1449,00000000,?,008E1449,?,?,00000000), ref: 008E184B
• DuplicateHandle.KERNEL32(00000000,?,008E1449,?,?,00000000), ref: 008E184E
• CreateThread.KERNEL32(00000000,00000000,008E1874,00000000,00000000,00000000), ref: 008E1868
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: b9ea663ff0550438e786e4e1cc82d5f1a954e513ce0d8a197c64b75e22627b41
• Instruction ID: 9e2b5cec00b67fa698f2b4675f71654e135717689b4b3f4a64562b837ae3425f
• Opcode Fuzzy Hash: b9ea663ff0550438e786e4e1cc82d5f1a954e513ce0d8a197c64b75e22627b41
• Instruction Fuzzy Hash: 4E01BFB53D4344BFE710AB65DC4DF977B6CEB89B11F408411FA05DB191C6749800DB20
APIs
  • Part of subcall function 008ED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008ED501
  • Part of subcall function 008ED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008ED50F
  • Part of subcall function 008ED4DC: CloseHandle.KERNELBASE(00000000), ref: 008ED5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0090A16D
• GetLastError.KERNEL32 ref: 0090A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0090A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0090A268
• GetLastError.KERNEL32(00000000), ref: 0090A273
• CloseHandle.KERNEL32(00000000), ref: 0090A2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: bdd71cf34c7a17323546300eab7d9c5b48198b4c167cc9297c950176f29272b1
• Instruction ID: 4fbd44190a0307e1490bb5fa95e37ba1b4357eaacbb6463a344a24b98efaee37
• Opcode Fuzzy Hash: bdd71cf34c7a17323546300eab7d9c5b48198b4c167cc9297c950176f29272b1
• Instruction Fuzzy Hash: AE617970208342AFD720DF19C894F26BBA5AF54318F18849CE4668B7A3C776ED45CBD2
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00913925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0091393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00913954
• _wcslen.LIBCMT ref: 00913999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 009139C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 009139F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 2843b1d5c99d078dbdb07284f33ed361fd6d672b953293ff5adcfbd4d507d0de
• Instruction ID: 9cc6c8f91a137bd40ce5f7234134eca24bbc428af6e6799965c3571117ac854a
• Opcode Fuzzy Hash: 2843b1d5c99d078dbdb07284f33ed361fd6d672b953293ff5adcfbd4d507d0de
• Instruction Fuzzy Hash: 5841AE71A0021DABEF219F64CC49BEA7BB9EF48354F104566F958E7281D7B19A80CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008EBCFD
• IsMenu.USER32(00000000), ref: 008EBD1D
• CreatePopupMenu.USER32 ref: 008EBD53
• GetMenuItemCount.USER32(00AD5768), ref: 008EBDA4
• InsertMenuItemW.USER32(00AD5768,?,00000001,00000030), ref: 008EBDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 98c1288cb7a2a94254f277fd1d1f31f745289949c01e334b3b012a2bd863a12a
• Instruction ID: 6c171caab3e8bbf1a7c98bde6252936c22f78de25e6197fbfab4bb1ad88bff7f
• Opcode Fuzzy Hash: 98c1288cb7a2a94254f277fd1d1f31f745289949c01e334b3b012a2bd863a12a
• Instruction Fuzzy Hash: C3519E70B04289ABDB20CFAADC84BAFBBF5FF46314F148119E411D7290D7709941CB51
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 008EC913
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 8685fbc4f32f8b6702556c08395822fba6fa04028c4808f30b707dde6816918c
• Instruction ID: fb87b74eb52b7fec3ce87f93729bcdc9afba0c1c3e201905a30246213cd5dc22
• Opcode Fuzzy Hash: 8685fbc4f32f8b6702556c08395822fba6fa04028c4808f30b707dde6816918c
• Instruction Fuzzy Hash: E1110071B8935ABAF7016B599C83CAE6B9CFF57358B10003AF500E62D3D7B46D015265
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                                                                                                                  • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                  • Opcode ID: 8bebad778d4a33d7efc63d8f624322912c9b4e1d96dab2b1cf9b814d8a15cd49
                                                                                                                                                                                                                                                  • Instruction ID: 9880c0299bf93c7b7d3008490f36034dd3baf441395d25e93b00d5368f562959
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bebad778d4a33d7efc63d8f624322912c9b4e1d96dab2b1cf9b814d8a15cd49
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57115C71A04209AFDB206B75DC4EDEF37ACFF52310F0401A9F445DA091EFB08A84DA61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 00919FC7
                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 00919FE7
                                                                                                                                                                                                                                                  • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0091A224
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0091A242
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0091A263
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000003,00000000), ref: 0091A282
                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0091A2A7
                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000005,?,?), ref: 0091A2CA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1211466189-0
                                                                                                                                                                                                                                                  • Opcode ID: 2667edecfe1492ca5bdc8ba070c8ad407eaf2aed5a5c1d83f28c94d22426eb33
                                                                                                                                                                                                                                                  • Instruction ID: 4a535dd14d903870a5eb11c4aac7d15dc166493ca49bbbfdca1269850dd4dea4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2667edecfe1492ca5bdc8ba070c8ad407eaf2aed5a5c1d83f28c94d22426eb33
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADB1A731605219AFDF14CF68C9857EE3BF6BF48711F088069EC99AB295D731AD80CB61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 952045576-0
                                                                                                                                                                                                                                                  • Opcode ID: f2680aacbdc2e3135b150bdd0373e0266c10186d2547317028a6656a099266d6
                                                                                                                                                                                                                                                  • Instruction ID: 8487cd7ff9666c8ba06f84ba5af9c654ab75ae1d1241d2d3c4d5396227579697
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2680aacbdc2e3135b150bdd0373e0266c10186d2547317028a6656a099266d6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB419065D10258A5DB11EBF88C8AACFB7ACFF46310F548462E518E3921FB34E255C3A6
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008D682C,00000004,00000000,00000000), ref: 0089F953
                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,008D682C,00000004,00000000,00000000), ref: 008DF3D1
                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008D682C,00000004,00000000,00000000), ref: 008DF454
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                                                                                                                  • Opcode ID: eebbb6f2d96db1e7c64671de860d83808b09b93757f88a6b7fb9a22eea5c10a6
                                                                                                                                                                                                                                                  • Instruction ID: 7352cf7dd0e33a7e88850954f28038245ff9a6a44e21af10898c0b3c113f7b13
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eebbb6f2d96db1e7c64671de860d83808b09b93757f88a6b7fb9a22eea5c10a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5441D831618640BECF3DAB29888876A7F92FB56314F1C853DF347D6663C6719880EB51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00912D1B
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00912D23
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00912D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00912D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00912D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00912D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00915A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00912DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00912DE1
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 30e6bb01a8a13ce1510daa304af84854fc35d9e468118915ff2866960068f5f3
• Instruction ID: 2c926678c8becd66e4188e9b2845a48d6f6070e5ecf241fb935fab74668b570b
• Opcode Fuzzy Hash: 30e6bb01a8a13ce1510daa304af84854fc35d9e468118915ff2866960068f5f3
• Instruction Fuzzy Hash: FE319CB6355214BFEB118F50DC8AFEB3BADEF09751F048055FE089A291C6759C50CBA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 003cc3f45c4474b73674081423167c19163f1e2c96205fe881eaa20b5b7485fa
• Instruction ID: 45d420c0cdfe983355c83f4ac37981601fd6e70d157447a3df64c002d7aab94d
• Opcode Fuzzy Hash: 003cc3f45c4474b73674081423167c19163f1e2c96205fe881eaa20b5b7485fa
• Instruction Fuzzy Hash: BE218361740A4D7BEA149A268EA2FFB235CFE7338CF440020FD05DAA91F764ED1081E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 0b380846afe48b1c9983e2092637987c9653f5af0f83452fa29584d8fc415d65
• Instruction ID: 086521a3b42feaa0cca6094582e7c6069f97a38efa9690e9416e6e531dcbc34e
• Opcode Fuzzy Hash: 0b380846afe48b1c9983e2092637987c9653f5af0f83452fa29584d8fc415d65
• Instruction Fuzzy Hash: CBD19C75A0060AAFDF10CFA8C881BAEB7B9BF48344F158469E915EB281E770DD45CF90
APIs
• GetCPInfo.KERNEL32(?,?), ref: 008C15CE
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008C1651
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008C16E4
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008C16FB
  • Part of subcall function 008B3820: RtlAllocateHeap.NTDLL(00000000,?,00951444,?,0089FDF5,?,?,0088A976,00000010,00951440,008813FC,?,008813C6,?,00881129), ref: 008B3852
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008C1777
• __freea.LIBCMT ref: 008C17A2
• __freea.LIBCMT ref: 008C17AE
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: d8252f6235572a5a6623ea893313a3103cb7d6f24587a6f1796fecaa20ec1e9b
• Instruction ID: 280ec67160db8995b474d38e7e39f8fffc2adae1c2972487598ceb5788753b4c
• Opcode Fuzzy Hash: d8252f6235572a5a6623ea893313a3103cb7d6f24587a6f1796fecaa20ec1e9b
• Instruction Fuzzy Hash: 61918071E1021A9ADF208E64C8D9FEE7BB5FB4A714F18465DE801E7246DB35DC40CBA1
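The API-call listings above follow a fixed shape: a bullet, an optional "Part of subcall function ADDR:" prefix, API.MODULE, an argument list in which unresolved stack slots appear as "?", and a "ref:" call-site address. When triaging many of these blocks it is useful to turn them into structured records and decode the few constants the sandbox did resolve. The following is an added example, not code from this report or from Joe Sandbox: a small parser for that line format, fed with lines copied from the listings on this page as a constructed sample, plus a decoder for two argument positions (the dwFlags of MultiByteToWideChar and the message number of SendMessageW) using documented Win32 constants; the function and variable names are my own.

```python
import re
from collections import Counter

# Constructed sample: API-call lines copied from the listings in this report.
SAMPLE = """\
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00912D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00912D87
• GetCPInfo.KERNEL32(?,?), ref: 008C15CE
• MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 008C1651
  • Part of subcall function 008B3820: RtlAllocateHeap.NTDLL(00000000,?,00951444,?,0089FDF5), ref: 008B3852
• __freea.LIBCMT ref: 008C17A2
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008F1284
"""

# One listing line: optional subcall prefix, API.MODULE, optional (args), "ref: ADDR".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][\w@]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented Win32 constants (winnls.h / winuser.h) used by the decoder.
MB_FLAGS = {0x1: "MB_PRECOMPOSED", 0x2: "MB_COMPOSITE",
            0x4: "MB_USEGLYPHCHARS", 0x8: "MB_ERR_INVALID_CHARS"}
WM_NAMES = {0x30: "WM_SETFONT"}


def parse_calls(text):
    """Parse listing lines into dicts; '?' arguments become None, hex becomes int."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        raw = m.group("args")
        args = [] if not raw else [None if a == "?" else int(a, 16) for a in raw.split(",")]
        calls.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": args,
            "ref": int(m.group("ref"), 16),
            # Address of the function whose subcall made this call, if nested.
            "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return calls


def describe(call):
    """Decode the arguments the sandbox resolved for a few interesting APIs."""
    api, args = call["api"], call["args"]
    if api == "MultiByteToWideChar" and len(args) >= 6:
        flags = args[1]
        names = [n for bit, n in MB_FLAGS.items() if flags is not None and flags & bit]
        # lpWideCharStr == NULL and cchWideChar == 0 is the documented size-query form.
        size_query = args[4] == 0 and args[5] == 0
        return (f"MultiByteToWideChar flags={'|'.join(names) or '?'}"
                + (" (size query)" if size_query else ""))
    if api == "SendMessageW" and len(args) >= 2:
        msg = args[1]
        name = "?" if msg is None else WM_NAMES.get(msg, hex(msg))
        return f"SendMessageW msg={name}"
    return api


def modules_histogram(calls):
    """Count calls per module, a quick view of which subsystems a function touches."""
    return Counter(c["module"] for c in calls)


if __name__ == "__main__":
    for c in parse_calls(SAMPLE):
        print(f"{c['ref']:08X} {c['module']:<8} {describe(c)}")
    print(modules_histogram(parse_calls(SAMPLE)))
```

Unknown message numbers are printed as raw hex rather than guessed, and a line that does not match the expected shape raises instead of being silently dropped, so a changed report layout is noticed immediately.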
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: 37381d02cb12c770701fadc0273f1fa6c026428447406aeaf2b7dc20d27e2be6
• Instruction ID: 161098bd75b8b8f2a75786207837900c73e1fa8386630af87d86a31ba2ad93aa
• Opcode Fuzzy Hash: 37381d02cb12c770701fadc0273f1fa6c026428447406aeaf2b7dc20d27e2be6
• Instruction Fuzzy Hash: 4D917DB1A04219AFDF24CFA5CC84FAEBBB8EF46714F108559F615AB281D7709941CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 008F125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 008F1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008F12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008F12D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008F135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008F13C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008F1430
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2550207440-0
                                                                                                                                                                                                                                                  • Opcode ID: e9ae7d091ae6f5e7c8c0c232e206e8bb9981038ed7ddd12492d206ef29734d5b
                                                                                                                                                                                                                                                  • Instruction ID: 623d55d6fcf91dea3feddb88a899e9274f4b92e01d3ef5879cdec7e2c99a0ca2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9ae7d091ae6f5e7c8c0c232e206e8bb9981038ed7ddd12492d206ef29734d5b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6918B71A0021DEFDB01DFA8C888BBEB7B5FF45325F144029EA10EB292D774A941CB95
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                                                                                                                  • Opcode ID: 1f4648a862592f7793d5a8cb8f67abc4e44c01716536f167bce07d1056c40d1d
                                                                                                                                                                                                                                                  • Instruction ID: 421bc29e73036f6f6c5da00a7249c0039c44f28c480323b2e05df5fa81ad36f3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f4648a862592f7793d5a8cb8f67abc4e44c01716536f167bce07d1056c40d1d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51913471A44219AFCF15DFA9CC84AEEBBB8FF49320F18814AE555F7251D334AA41CB60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 0090396B
                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00903A7A
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00903A8A
                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00903C1F
                                                                                                                                                                                                                                                    • Part of subcall function 008F0CDF: VariantInit.OLEAUT32(00000000), ref: 008F0D1F
                                                                                                                                                                                                                                                    • Part of subcall function 008F0CDF: VariantCopy.OLEAUT32(?,?), ref: 008F0D28
                                                                                                                                                                                                                                                    • Part of subcall function 008F0CDF: VariantClear.OLEAUT32(?), ref: 008F0D34
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                  • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                  • Opcode ID: 932c6af1c895980869c059bfe773a20bd3940d08f1a8e9525473ada6d865d940
                                                                                                                                                                                                                                                  • Instruction ID: 355466708d89315a95fc3ffbae7ef31d532bcd26ab81fec199cfc4cb94962fbc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 932c6af1c895980869c059bfe773a20bd3940d08f1a8e9525473ada6d865d940
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 989136756083059FC714EF68C48096AB7E9FF89314F14882DF89997391DB31EE45CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?,?,008E035E), ref: 008E002B
                                                                                                                                                                                                                                                    • Part of subcall function 008E000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?), ref: 008E0046
                                                                                                                                                                                                                                                    • Part of subcall function 008E000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?), ref: 008E0054
                                                                                                                                                                                                                                                    • Part of subcall function 008E000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?), ref: 008E0064
                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00904C51
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00904D59
                                                                                                                                                                                                                                                  • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00904DCF
                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?), ref: 00904DDA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                  • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                  • Opcode ID: a1c5043b1fc39cfb2e642b3b69b2db73b3e47d50dc00ffcff1e2c8c2dcb0333c
                                                                                                                                                                                                                                                  • Instruction ID: c591d929e55709f8847dd8e7b290458599a9ab73437cb0fb9f1d25bfd3cd7aa8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1c5043b1fc39cfb2e642b3b69b2db73b3e47d50dc00ffcff1e2c8c2dcb0333c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF9108B1D0021D9FDF14DFA4C891AEDB7B8FF48310F108569E515A7291EB74AA44CFA1
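The records above are the IDA plugin's per-function output: each block lists the Win32 calls resolved in one function (with "Part of subcall" lines for calls made by its callees), the memory dump the function was lifted from, and similarity hashes for clustering. The argument columns are raw hex, so a reviewer has to decode by hand that CoInitializeSecurity was called with authentication level 2 and impersonation level 3, or that 00000015 is a CLSCTX mask. The parser below is an added example, not part of Joe Sandbox or of this report: it reads this record layout from a constructed excerpt copied from the lines above, orders each function's direct calls by address, collects the subcall addresses and similarity fields, and names the constants in the three calls that matter for triage here (CoInitializeSecurity, CoCreateInstanceEx, PostMessageW). The constant tables are the documented Win32 values; the decoders index arguments by the documented prototypes because Joe Sandbox prints stack slots past the last real parameter (twelve slots for the nine-parameter CoInitializeSecurity). The SAMPLE excerpt, the record-boundary rule and the choice of which calls to decode are assumptions of this example.

```python
"""Parse Joe Sandbox per-function records ("APIs" / "Memory Dump Source" /
"Similarity" blocks) and decode the argument constants that matter for triage."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt: two records copied from this report and trimmed, keeping
# the awkward cases (subcall lines, a LIBCMT call without parentheses, a bare
# "Strings" heading, an empty "String ID", a record that ends at end of input).
SAMPLE = """\
APIs
  • Part of subcall function 008E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?,?,008E035E), ref: 008E002B
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00904C51
• _wcslen.LIBCMT ref: 00904D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00904DCF
• CoTaskMemFree.OLE32(?), ref: 00904DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Instruction Fuzzy Hash: EF9108B1D0021D9FDF14DFA4C891AEDB7B8FF48310F108569E515A7291EB74AA44CFA1
APIs
• GetMenu.USER32(?), ref: 00912183
• GetMenuItemCount.USER32(00000000), ref: 009121B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009121DD
  • Part of subcall function 008E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008E25B3), ref: 008E3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009122E3
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
"""

HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int
    subcall_of: Optional[int] = None  # callee address for "Part of subcall" lines


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    dump_source: str = ""
    similarity: dict = field(default_factory=dict)

    def empty(self) -> bool:
        return not (self.apis or self.dump_source or self.similarity)


def parse_records(text: str) -> list:
    records, cur, section = [], FunctionRecord(), None
    for line in text.splitlines():
        s = line.strip()
        if s in HEADERS:
            # A record starts at "APIs", or at "Memory Dump Source" when the current
            # record already has one (the report has records with no APIs block).
            if (s == "APIs" and not cur.empty()) or (s == "Memory Dump Source" and cur.dump_source):
                records.append(cur)
                cur = FunctionRecord()
            section = s
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",") if a.strip()] if m["args"] is not None else []
                cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                        int(m["sub"], 16) if m["sub"] else None))
            continue
        m = FIELD_RE.match(line)
        if m and section == "Memory Dump Source" and m["key"].strip() == "Source File":
            cur.dump_source = m["val"]
        elif m and section == "Similarity":
            cur.similarity[m["key"].strip()] = m["val"]
    if not cur.empty():
        records.append(cur)
    return records


# Documented Win32 values (combaseapi.h / rpcdce.h / winuser.h).
CLSCTX = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
          0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
AUTHN = {0: "DEFAULT", 1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT", 5: "PKT_INTEGRITY", 6: "PKT_PRIVACY"}
IMP = {0: "DEFAULT", 1: "ANONYMOUS", 2: "IDENTIFY", 3: "IMPERSONATE", 4: "DELEGATE"}
WM = {0x0111: "WM_COMMAND"}


def _flags(value: int, table: dict) -> str:
    names = [n for bit, n in table.items() if value & bit]
    if value & ~sum(table):
        names.append(hex(value & ~sum(table)))  # bits not in the table stay visible
    return "|".join(names) or "0"


def decode_call(c: ApiCall) -> Optional[str]:
    """Argument positions follow the documented prototypes; the extra slots Joe
    Sandbox prints after the last parameter are ignored. None for calls without a
    decoder or whose relevant argument is unknown ("?")."""
    a = c.args
    try:
        if c.name == "CoInitializeSecurity":
            return (f"dwAuthnLevel=RPC_C_AUTHN_LEVEL_{AUTHN[int(a[4], 16)]}, "
                    f"dwImpLevel=RPC_C_IMP_LEVEL_{IMP[int(a[5], 16)]}")
        if c.name == "CoCreateInstanceEx":
            return f"dwClsCtx={_flags(int(a[2], 16), CLSCTX)}, dwCount={int(a[4], 16)}"
        if c.name in ("PostMessageW", "SendMessageW"):
            msg = int(a[1], 16)
            return f"Msg={WM.get(msg, hex(msg))}"
    except (IndexError, ValueError, KeyError):
        return None
    return None


def summarize(rec: FunctionRecord) -> dict:
    direct = sorted((c for c in rec.apis if c.subcall_of is None), key=lambda c: c.ref)
    decoded = {c.name: decode_call(c) for c in direct if decode_call(c)}
    return {"chain": [f"{c.module}!{c.name}" for c in direct],
            "subcalls": sorted({c.subcall_of for c in rec.apis if c.subcall_of is not None}),
            "decoded": decoded,
            "api_string_id": rec.similarity.get("API String ID"),
            "instruction_fuzzy_hash": rec.similarity.get("Instruction Fuzzy Hash")}


if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(summarize(r))
```

On the two records it decodes RPC_C_AUTHN_LEVEL_CONNECT with RPC_C_IMP_LEVEL_IMPERSONATE and CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER (a COM client willing to start in-process, local or remote servers with impersonation permitted), and a WM_COMMAND posted after walking a window's menu. Both chains, like the AUTOIT.ERROR string in the record above them, are consistent with the AutoIt runtime the report identifies rather than with script-specific code, which is why the Instruction Fuzzy Hash is the field worth pivoting on: functions whose hash also appears in a clean AutoIt interpreter can be set aside so review time goes to the script's own behaviour.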
APIs
• GetMenu.USER32(?), ref: 00912183
• GetMenuItemCount.USER32(00000000), ref: 009121B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009121DD
• _wcslen.LIBCMT ref: 00912213
• GetMenuItemID.USER32(?,?), ref: 0091224D
• GetSubMenu.USER32(?,?), ref: 0091225B
  • Part of subcall function 008E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008E3A57
  • Part of subcall function 008E3A3D: GetCurrentThreadId.KERNEL32 ref: 008E3A5E
  • Part of subcall function 008E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008E25B3), ref: 008E3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009122E3
  • Part of subcall function 008EE97B: Sleep.KERNEL32 ref: 008EE9F3
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4196846111-0
                                                                                                                                                                                                                                                  • Opcode ID: c279a733e4e0517cc01fd4ac093ae369c5a1df5f20aec2b5054e3542d61b3423
                                                                                                                                                                                                                                                  • Instruction ID: 0b6043b221e3dd7a7d0bfab5b0de1ba1fe4ec2169033e3dbb6d8eac57923494b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c279a733e4e0517cc01fd4ac093ae369c5a1df5f20aec2b5054e3542d61b3423
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01718D75A04209AFCB14EF68C841AEEB7F5FF48310F148858E926EB351DB34AD918B91
APIs
• IsWindow.USER32(00AD56F0), ref: 00917F37
• IsWindowEnabled.USER32(00AD56F0), ref: 00917F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0091801E
• SendMessageW.USER32(00AD56F0,000000B0,?,?), ref: 00918051
• IsDlgButtonChecked.USER32(?,?), ref: 00918089
• GetWindowLongW.USER32(00AD56F0,000000EC), ref: 009180AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009180C3
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: e9291c0a4577eba8fc4534b2be46b7c1beebfb293bb78273462cd70b97989f20
• Instruction ID: a18f3333f46b42bacd87f913a2a39c62b12369f24013f3e118faf351707108cd
• Opcode Fuzzy Hash: e9291c0a4577eba8fc4534b2be46b7c1beebfb293bb78273462cd70b97989f20
• Instruction Fuzzy Hash: 4671907470820AAFEB219FA4C894FEBBBB9EF09340F144459E94597361CB31AC86DB10
APIs
• GetParent.USER32(?), ref: 008EAEF9
• GetKeyboardState.USER32(?), ref: 008EAF0E
• SetKeyboardState.USER32(?), ref: 008EAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 008EAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 008EAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 008EAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 008EB020
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 5fc4b1a5d89e513d186b13cf50068e5024febe439f31064891f600df02657477
• Instruction ID: 1bdc6c9a97950fdf50a8862500e0dc4e40e3ecaba40734e1d8cd40459b65b1c6
• Opcode Fuzzy Hash: 5fc4b1a5d89e513d186b13cf50068e5024febe439f31064891f600df02657477
• Instruction Fuzzy Hash: F851D2A06047D53DFB3A43758845BBB7EA9AB07704F088489E1E5D54C2C798FC84D752
APIs
• GetParent.USER32(00000000), ref: 008EAD19
• GetKeyboardState.USER32(?), ref: 008EAD2E
• SetKeyboardState.USER32(?), ref: 008EAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 008EADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 008EADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 008EAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 008EAE38
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 4c537c798b2d83bfa40bca88b0b24edbf748eedd6b12b326c5860baefe92b741
• Instruction ID: ca605b4881d27d2de9bb1eda1834cd1f5b5221efd1eb65bf709dd32c62ce97b9
• Opcode Fuzzy Hash: 4c537c798b2d83bfa40bca88b0b24edbf748eedd6b12b326c5860baefe92b741
• Instruction Fuzzy Hash: 6F51D6A16047D63DFB3A42658C95BBA7E99FF47B00F088488E1D5D68C2C294FC88D752
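The two keyboard blocks above (refs 008EAEF9 to 008EB020 and 008EAD19 to 008EAE38) read the keyboard state with GetKeyboardState, rewrite it with SetKeyboardState, and then post message 00000101 (WM_KEYUP) or 00000100 (WM_KEYDOWN) for virtual keys 00000010, 00000011, 00000012 and 0000005B, which are VK_SHIFT, VK_CONTROL, VK_MENU (Alt) and VK_LWIN. In other words the code synthesises modifier key presses and releases in the target window, and the earlier block posts 00000111 (WM_COMMAND) after AttachThreadInput, which is how a menu item is selected programmatically. Decoding those hex arguments by hand is error-prone, so the following Python helper, added here as an example and not part of the Joe Sandbox report or of the analysed sample, parses lines in the report's "Api.MODULE(args), ref: addr" form and names the message and virtual-key constants. The constant table deliberately covers only values that appear on this page (other message numbers are printed numerically), and the sample lines are constructed copies of entries above.

```python
import re

# Constructed sample lines in the shape of the report's API listings:
# the first seven are copied from the keystroke, menu and caption-drag
# entries above, the last one is a non-message call that must be skipped.
SAMPLE_LINES = [
    "PostMessageW.USER32(?,00000101,00000010,?), ref: 008EAF9D",
    "PostMessageW.USER32(?,00000101,00000011,?), ref: 008EAFBC",
    "PostMessageW.USER32(?,00000101,00000012,?), ref: 008EAFFD",
    "PostMessageW.USER32(?,00000101,0000005B,?), ref: 008EB020",
    "PostMessageW.USER32(00000000,00000100,00000010,?), ref: 008EADBB",
    "• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009122E3",
    "SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009180C3",
    "GetKeyboardState.USER32(?), ref: 008EAF0E",
]

MESSAGE_APIS = {"PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA"}

# Window-message, virtual-key and hit-test constants from winuser.h;
# only the values seen in this report are listed.
WM_NAMES = {
    0x100: "WM_KEYDOWN",
    0x101: "WM_KEYUP",
    0x111: "WM_COMMAND",
    0xA1: "WM_NCLBUTTONDOWN",
    0xB0: "EM_GETSEL",
}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
HTCAPTION = 2

# Matches "Api.MODULE(arg,arg,...), ref: ADDR" anywhere in a report line,
# so bullets and "Part of subcall function ...:" prefixes do not matter.
CALL_RE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


def parse_call(line):
    """Split one report line into api, module, raw args and ref address, or None."""
    m = CALL_RE.search(line)
    if m is None:
        return None
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": m.group("args").split(",") if m.group("args") else [],
        "ref": int(m.group("ref"), 16),
        "subcall": "Part of subcall function" in line,
    }


def arg_int(arg):
    """Report arguments are hex; '?' means the analyser could not resolve the value."""
    return None if arg.strip() == "?" else int(arg, 16)


def message_of(call):
    """Return (msg, wParam) for a Post/SendMessage call with a known msg, else None."""
    if call is None or call["api"] not in MESSAGE_APIS or len(call["args"]) < 4:
        return None
    msg = arg_int(call["args"][1])
    return None if msg is None else (msg, arg_int(call["args"][2]))


def decode_message(call):
    """Symbolic description of a Post/SendMessage call, or None if it is not one."""
    parsed = message_of(call)
    if parsed is None:
        return None
    msg, wparam = parsed
    name = WM_NAMES.get(msg)
    if name is None:
        # Private messages (>= WM_USER) are shown relative to WM_USER (0x400).
        name = f"WM_USER+0x{msg - 0x400:X}" if msg >= 0x400 else f"0x{msg:X}"
    detail = ""
    if name in ("WM_KEYDOWN", "WM_KEYUP") and wparam is not None:
        detail = " " + VK_NAMES.get(wparam, f"VK_0x{wparam:02X}")
    elif name == "WM_NCLBUTTONDOWN" and wparam == HTCAPTION:
        detail = " HTCAPTION (drag window by its caption)"
    return f"{call['api']} {name}{detail}"


def injected_modifier_keys(calls):
    """Modifier keys for which a synthetic WM_KEYDOWN or WM_KEYUP is posted."""
    keys = set()
    for call in calls:
        parsed = message_of(call)
        if parsed and parsed[0] in (0x100, 0x101) and parsed[1] in VK_NAMES:
            keys.add(VK_NAMES[parsed[1]])
    return keys


def analyze(lines):
    """Decode every message call in the given lines; returns (decoded, modifier keys)."""
    calls = [parse_call(line) for line in lines]
    decoded = []
    for call in calls:
        text = decode_message(call)
        if text:
            decoded.append((f"{call['ref']:08X}", text))
    return decoded, injected_modifier_keys(calls)


if __name__ == "__main__":
    decoded, modifiers = analyze(SAMPLE_LINES)
    for ref, text in decoded:
        print(f"{ref}: {text}")
    print("synthetic modifier keys:", ", ".join(sorted(modifiers)))
```

Feed it the "APIs" bullets of any function block and the output reads as WM_/VK_ names instead of hex; if it reports all four modifiers for both WM_KEYDOWN and WM_KEYUP around a GetKeyboardState/SetKeyboardState pair, you are looking at keystroke-simulation code rather than ordinary GUI message handling.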
APIs
• GetConsoleCP.KERNEL32(008C3CD6,?,?,?,?,?,?,?,?,008B5BA3,?,?,008C3CD6,?,?), ref: 008B5470
• __fassign.LIBCMT ref: 008B54EB
• __fassign.LIBCMT ref: 008B5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,008C3CD6,00000005,00000000,00000000), ref: 008B552C
• WriteFile.KERNEL32(?,008C3CD6,00000000,008B5BA3,00000000,?,?,?,?,?,?,?,?,?,008B5BA3,?), ref: 008B554B
• WriteFile.KERNEL32(?,?,00000001,008B5BA3,00000000,?,?,?,?,?,?,?,?,?,008B5BA3,?), ref: 008B5584
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 50002bb04ece7f38e2b517dcfe7b1084930c5a64f62aad0f8156088bf44833c6
                                                                                                                                                                                                                                                  • Instruction ID: be16a165de4fec89cbe64faf855c3d114f47231d48e5cc1a9bbd5642cb690863
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50002bb04ece7f38e2b517dcfe7b1084930c5a64f62aad0f8156088bf44833c6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE51C0B0A00649AFDB20CFA8D851BEEBBF9FF09301F14411AE955E7391D6309A45CB60
APIs
• _ValidateLocalCookies.LIBCMT ref: 008A2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 008A2D53
• _ValidateLocalCookies.LIBCMT ref: 008A2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 008A2E0C
• _ValidateLocalCookies.LIBCMT ref: 008A2E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: e2d2a83e25aec50578f3c852dca7cb8c98bafcc8cc8d0b109a2aa7b6027ad002
• Instruction ID: bdeae2b925621a8e6464ef1dc121ff0c331058d8658cfa396d7941c473053ece
• Opcode Fuzzy Hash: e2d2a83e25aec50578f3c852dca7cb8c98bafcc8cc8d0b109a2aa7b6027ad002
• Instruction Fuzzy Hash: 9441A134A0020DABDF20DF6CC845A9EBBB5FF46328F148165E814EBA53D735DA11CB91
APIs
  • Part of subcall function 0090304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0090307A
  • Part of subcall function 0090304E: _wcslen.LIBCMT ref: 0090309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00901112
• WSAGetLastError.WSOCK32 ref: 00901121
• WSAGetLastError.WSOCK32 ref: 009011C9
• closesocket.WSOCK32(00000000), ref: 009011F9
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 56a8a590bb1a58329c27b498e04fd08f4d2d8ac65928e5601cb9bb8ffbd50b2c
• Instruction ID: ed8c6b1affde3f21617861577291474a0fdbdfbf4d182faa8dac61ae4055c4d7
• Opcode Fuzzy Hash: 56a8a590bb1a58329c27b498e04fd08f4d2d8ac65928e5601cb9bb8ffbd50b2c
• Instruction Fuzzy Hash: 3841D071604204AFDB14AF28C884BAABBE9FF85328F148059F9159B2D1C7B4ED41CBE1
APIs
  • Part of subcall function 008EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008ECF22,?), ref: 008EDDFD
  • Part of subcall function 008EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008ECF22,?), ref: 008EDE16
• lstrcmpiW.KERNEL32(?,?), ref: 008ECF45
• MoveFileW.KERNEL32(?,?), ref: 008ECF7F
• _wcslen.LIBCMT ref: 008ED005
• _wcslen.LIBCMT ref: 008ED01B
• SHFileOperationW.SHELL32(?), ref: 008ED061
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: f4d585e997198f3f19265a17491b67a589901f7708cc5ad06b82cb84a72ce8b4
• Instruction ID: cef18912c166fed3f6be9425f6f82ad94481b6e1a932454ae7c039d1925d3734
• Opcode Fuzzy Hash: f4d585e997198f3f19265a17491b67a589901f7708cc5ad06b82cb84a72ce8b4
• Instruction Fuzzy Hash: B84163B1D452585FDF12EBA5C981ADEB7B9FF09380F0000E6E505EB141EE74E689CB51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00912E1C
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00912E4F
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00912E84
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00912EB6
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00912EE0
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00912EF1
                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00912F0B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008E7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008E778F
• SysAllocString.OLEAUT32(00000000), ref: 008E7792
• SysAllocString.OLEAUT32(?), ref: 008E77B0
• SysFreeString.OLEAUT32(?), ref: 008E77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 008E77DE
• SysAllocString.OLEAUT32(?), ref: 008E77EC
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008E7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008E7868
• SysAllocString.OLEAUT32(00000000), ref: 008E786B
• SysAllocString.OLEAUT32 ref: 008E788C
• SysFreeString.OLEAUT32 ref: 008E7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008E78AF
• SysAllocString.OLEAUT32(?), ref: 008E78BD
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 008F04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 008F052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 008F05C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 008F0601
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 0088600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0088604C
  • Part of subcall function 0088600E: GetStockObject.GDI32(00000011), ref: 00886060
  • Part of subcall function 0088600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0088606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00914112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0091411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0091412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00914139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00914145
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                  • Opcode ID: 841c9dcab74a2db09ec052b44f831b78eaadca63f788445466bf4b29021bc4cf
                                                                                                                                                                                                                                                  • Instruction ID: e8ed8613a4e0113c2f669e48e8ce6f5f07694cbf933fec15dba9861eb1faaf68
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 841c9dcab74a2db09ec052b44f831b78eaadca63f788445466bf4b29021bc4cf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4011B2B225021DBEEF119F64CC85EE77F5DEF19798F004110BB18A6050C7729C61DBA4
APIs
  • Part of subcall function 008BD7A3: _free.LIBCMT ref: 008BD7CC
• _free.LIBCMT ref: 008BD82D
  • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
  • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
• _free.LIBCMT ref: 008BD838
• _free.LIBCMT ref: 008BD843
• _free.LIBCMT ref: 008BD897
• _free.LIBCMT ref: 008BD8A2
• _free.LIBCMT ref: 008BD8AD
• _free.LIBCMT ref: 008BD8B8
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 6c007c246c8d73fffd159a8248cc638b946bead664e9c2fc0bc10d5b2be50728
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 0E11F671940B04BADA21BFB8CC46FCB7B9CFF04700F404C25B29DE6692EA65A5098666
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 008EDA74
• LoadStringW.USER32(00000000), ref: 008EDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 008EDA91
• LoadStringW.USER32(00000000), ref: 008EDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 008EDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 008EDAB9
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: f84a8f64ff3d1bb9180d3dc3d3a256ce5ffc166ddaf4b680f1fa6d9d29077eb3
• Instruction ID: 6baeb40282ccb502ccf3e467a3c863b524ec3ebf6f4a49073ff68aff987c065a
• Opcode Fuzzy Hash: f84a8f64ff3d1bb9180d3dc3d3a256ce5ffc166ddaf4b680f1fa6d9d29077eb3
• Instruction Fuzzy Hash: 340186F66443187FEB109BA49D89EEB336CE709345F4044A1F746E2041E6749E848F75
APIs
• InterlockedExchange.KERNEL32(00ACE1B0,00ACE1B0), ref: 008F097B
• EnterCriticalSection.KERNEL32(00ACE190,00000000), ref: 008F098D
• TerminateThread.KERNEL32(?,000001F6), ref: 008F099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 008F09A9
• CloseHandle.KERNEL32(?), ref: 008F09B8
• InterlockedExchange.KERNEL32(00ACE1B0,000001F6), ref: 008F09C8
• LeaveCriticalSection.KERNEL32(00ACE190), ref: 008F09CF
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 5691f9facb7508a5adc4a5258c370892c4e08793d2f34fce6c0f8a5055716050
• Instruction ID: fcc3bbc47b24ee86e23608808c0bf81167579479699270981385062758115e2c
• Opcode Fuzzy Hash: 5691f9facb7508a5adc4a5258c370892c4e08793d2f34fce6c0f8a5055716050
• Instruction Fuzzy Hash: 23F08171696612BFD7411FA0EE8CBE67B35FF01702F805411F201908A1C7749461DF90
APIs
• GetClientRect.USER32(?,?), ref: 00885D30
• GetWindowRect.USER32(?,?), ref: 00885D71
• ScreenToClient.USER32(?,?), ref: 00885D99
• GetClientRect.USER32(?,?), ref: 00885ED7
• GetWindowRect.USER32(?,?), ref: 00885EF8
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1296646539-0
                                                                                                                                                                                                                                                  • Opcode ID: ce8495a807502f4b606736c4f959fb29f69ee574e648236916a24f9ffc9d16c1
                                                                                                                                                                                                                                                  • Instruction ID: 4aea872e25d77d4345591ac32d2c86944ace7f54f267ce386761f9f3bce22b41
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8495a807502f4b606736c4f959fb29f69ee574e648236916a24f9ffc9d16c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42B16974A0064ADBDB10DFA9C880BEEB7F1FF58310F14941AE8A9D7250DB34EA91DB50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 008B00BA
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008B00D6
                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 008B00ED
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008B010B
                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 008B0122
                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008B0140
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1992179935-0
                                                                                                                                                                                                                                                  • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                  • Instruction ID: cca79d5ff11f8ad2420fc92208b040744d7a365838252a434c0d48c314671472
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F881C471A00B069FE724AA6CCC41BAB73E9FF46364F24452EF551D7782EBB0D9008B51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00903149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0090101C,00000000,?,?,00000000), ref: 00903195
                                                                                                                                                                                                                                                  • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00901DC0
                                                                                                                                                                                                                                                  • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00901DE1
                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00901DF2
                                                                                                                                                                                                                                                  • inet_ntoa.WSOCK32(?), ref: 00901E8C
                                                                                                                                                                                                                                                  • htons.WSOCK32(?,?,?,?,?), ref: 00901EDB
                                                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00901F35
                                                                                                                                                                                                                                                    • Part of subcall function 008E39E8: _strlen.LIBCMT ref: 008E39F2
                                                                                                                                                                                                                                                    • Part of subcall function 00886D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0089CF58,?,?,?), ref: 00886DBA
                                                                                                                                                                                                                                                    • Part of subcall function 00886D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0089CF58,?,?,?), ref: 00886DED
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1923757996-0
                                                                                                                                                                                                                                                  • Opcode ID: 92c2ea3676e7125457dbc2088cd99005cbfa3ff15f9346babc704ec2f4e89fb1
                                                                                                                                                                                                                                                  • Instruction ID: 7c0aaa49e44710517be850a71f30bb10dcf1d6d9e10a94c4de898be92fea184e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92c2ea3676e7125457dbc2088cd99005cbfa3ff15f9346babc704ec2f4e89fb1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFA1C071204341AFD724EB28C885E2A7BE9FF85318F54894CF5569B2E2DB31ED41CB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008A82D9,008A82D9,?,?,?,008B644F,00000001,00000001,8BE85006), ref: 008B6258
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008B644F,00000001,00000001,8BE85006,?,?,?), ref: 008B62DE
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008B63D8
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 008B63E5
                                                                                                                                                                                                                                                    • Part of subcall function 008B3820: RtlAllocateHeap.NTDLL(00000000,?,00951444,?,0089FDF5,?,?,0088A976,00000010,00951440,008813FC,?,008813C6,?,00881129), ref: 008B3852
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 008B63EE
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 008B6413
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1414292761-0
                                                                                                                                                                                                                                                  • Opcode ID: 289bd6fdb7707fa91f029b00f8b3bd81ed1ee18f036a5f40d145d4feca482d48
                                                                                                                                                                                                                                                  • Instruction ID: a64b1e528148eb6509042756410ad134efef6e9d43ad4021761b783978a8274c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 289bd6fdb7707fa91f029b00f8b3bd81ed1ee18f036a5f40d145d4feca482d48
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B51C172A00216ABEB258F64DC81EEF77A9FB48750F144629FC15D6340EB38DC64D661
                                                                                                                                                                                                                                                  APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 0090C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0090B6AE,?,?), ref: 0090C9B5
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090C9F1
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA68
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0090BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0090BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0090BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0090BDF3
• RegCloseKey.ADVAPI32(?), ref: 0090BDFF
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: 018b29968386ec93b88cb0cf4133512e79ff289606a95974879f1eb59e01f9a1
• Instruction ID: 07defe4a2c196175e0d35d44dc950959024d7d248e564bd56df2212335de2f7c
• Opcode Fuzzy Hash: 018b29968386ec93b88cb0cf4133512e79ff289606a95974879f1eb59e01f9a1
• Instruction Fuzzy Hash: A8818F70218241AFD714EF24C895E6ABBE9FF84308F14895CF5958B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(00000035), ref: 008DF7B9
• SysAllocString.OLEAUT32(00000001), ref: 008DF860
• VariantCopy.OLEAUT32(008DFA64,00000000), ref: 008DF889
• VariantClear.OLEAUT32(008DFA64), ref: 008DF8AD
• VariantCopy.OLEAUT32(008DFA64,00000000), ref: 008DF8B1
• VariantClear.OLEAUT32(?), ref: 008DF8BB
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: b354fd3356a19a83d6d564729b193706e71f9b515561f6d796ed14f1153791f8
• Instruction ID: d856ec166d3286c3ecd6dc59a419df46051723564626ffc25575ac8746618230
• Opcode Fuzzy Hash: b354fd3356a19a83d6d564729b193706e71f9b515561f6d796ed14f1153791f8
• Instruction Fuzzy Hash: 2351F531A50314BACF20AB69D8A5B29B7A4FF45314B248567EA07DF393DB708C40E797
APIs
  • Part of subcall function 00887620: _wcslen.LIBCMT ref: 00887625
  • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 008F94E5
• _wcslen.LIBCMT ref: 008F9506
• _wcslen.LIBCMT ref: 008F952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 008F9585
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: a0b0d889ef28d60bf167c93d1ce646591380774fdd3fff8ce63cec078d8c0bca
• Instruction ID: a75c0a0f043c24e44913911e412ef62bac7329ade80fefc09aa83650b303e98c
• Opcode Fuzzy Hash: a0b0d889ef28d60bf167c93d1ce646591380774fdd3fff8ce63cec078d8c0bca
• Instruction Fuzzy Hash: F6E181715083058FD724EF28C881B6AB7E4FF85314F14856DE999DB2A2DB31ED05CB92
APIs
  • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
• BeginPaint.USER32(?,?,?), ref: 00899241
• GetWindowRect.USER32(?,?), ref: 008992A5
• ScreenToClient.USER32(?,?), ref: 008992C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008992D3
• EndPaint.USER32(?,?,?,?,?), ref: 00899321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008D71EA
  • Part of subcall function 00899339: BeginPath.GDI32(00000000), ref: 00899357
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 9e8e3946f66e24440a99711a443c37308d3a753fdd2f8358c90a818febeccad1
• Instruction ID: c462daae2fb4301481ad6d1f4d2baf6c40e8d5b9b077f26fcd47ab811b230593
• Opcode Fuzzy Hash: 9e8e3946f66e24440a99711a443c37308d3a753fdd2f8358c90a818febeccad1
• Instruction Fuzzy Hash: B341B370208301AFDB11EF59DC94FAA7BA8FB45365F04026DF9A5C72A1D7309845EB62
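The function records above all follow one fixed layout: an APIs list (with "Part of subcall function" entries inherited from callees), the memory dump source, the IDA plugin snapshot, and the similarity hashes. When a report runs to thousands of such records, a practitioner wants them as structured data so that a triage script can ask which functions directly call a given API, or which combine RegConnectRegistryW with RegEnumValueW, instead of scrolling. The parser below is an added example and is not Joe Sandbox code or tooling; the sample input is constructed from the records above with a few bullets trimmed, and the API sets in CAPABILITIES are illustrative heuristics assumed for this example, not anything the report states.

```python
import json
import re

# Constructed sample: two function records in the layout of the report above
# (bullets trimmed; the values are copied from the records on this page).
SAMPLE = """APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 0090C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0090B6AE,?,?), ref: 0090C9B5
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0090BD25
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0090BD99
• RegCloseKey.ADVAPI32(?), ref: 0090BDFF
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: 018b29968386ec93b88cb0cf4133512e79ff289606a95974879f1eb59e01f9a1
APIs
• GetOpenFileNameW.COMDLG32(00000058), ref: 008F94E5
• _wcslen.LIBCMT ref: 008F9506
• GetSaveFileNameW.COMDLG32(00000058), ref: 008F9585
Strings
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API bullet: optional "Part of subcall function XXXXXXXX: " prefix, then
# Name.MODULE, an optional "(args)" list, and the ", ref: XXXXXXXX" call site.
# LIBCMT entries carry no argument list and no comma before "ref".
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)

# Assumed heuristics for illustration: API sets that together suggest a capability.
CAPABILITIES = {
    "remote registry enumeration": {"RegConnectRegistryW", "RegEnumValueW"},
    "file open/save dialog": {"GetOpenFileNameW", "GetSaveFileNameW"},
}


def parse_records(text):
    """Split report text into records; each starts at an 'APIs' header."""
    records, section, rec = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                rec = {"apis": [], "strings": [], "meta": {}}
                records.append(rec)
            section = line
            continue
        if rec is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = CALL_RE.match(body)
            if not m:
                raise ValueError(f"unrecognised API line: {body!r}")
            args = m.group("args")
            rec["apis"].append({
                "api": m.group("api"),
                "module": m.group("module"),
                "args": args.split(",") if args else [],
                "ref": m.group("ref").upper(),
                "subcall_of": m.group("parent").upper() if m.group("parent") else None,
            })
        elif section == "Strings":
            rec["strings"].append(body)
        else:
            key, _, value = body.partition(":")
            key, value = key.strip(), value.strip()
            if key == "Associated":  # repeats once per associated dump
                rec["meta"].setdefault(key, []).append(value)
            else:
                rec["meta"][key] = value
    return records


def direct_apis(rec):
    """API names the function itself calls, excluding entries inherited from subcalls."""
    return [a["api"] for a in rec["apis"] if a["subcall_of"] is None]


def flag_capabilities(rec):
    """Capabilities whose full API set (direct or via subcall) appears in the record."""
    called = {a["api"] for a in rec["apis"]}
    return sorted(name for name, need in CAPABILITIES.items() if need <= called)


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["meta"].get("API ID"), direct_apis(rec), flag_capabilities(rec))
    print(json.dumps(parse_records(SAMPLE)[0]["apis"][2], indent=2))
```

Direct calls and inherited subcall entries are kept apart on purpose: a function that merely calls a helper which calls _wcslen is not itself a string-handling routine, and collapsing the two inflates any API-set heuristic. The Opcode ID and the Instruction Fuzzy Hash end up in meta unchanged, so the same records can be clustered across reports without re-parsing.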
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 008F080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 008F0847
• EnterCriticalSection.KERNEL32(?), ref: 008F0863
• LeaveCriticalSection.KERNEL32(?), ref: 008F08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008F08F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 008F0921
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3368777196-0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,008DF3AB,00000000,?,?,00000000,?,008D682C,00000004,00000000,00000000), ref: 0091824C
• EnableWindow.USER32(?,00000000), ref: 00918272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 009182D1
• ShowWindow.USER32(?,00000004), ref: 009182E5
• EnableWindow.USER32(?,00000001), ref: 0091830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0091832F
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
APIs
• IsWindowVisible.USER32(?), ref: 008E4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 008E4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 008E4CEA
• _wcslen.LIBCMT ref: 008E4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 008E4D10
• _wcsstr.LIBVCRUNTIME ref: 008E4D1A
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
APIs
  • Part of subcall function 00883AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00883A97,?,?,00882E7F,?,?,?,00000000), ref: 00883AC2
• _wcslen.LIBCMT ref: 008F587B
• CoInitialize.OLE32(00000000), ref: 008F5995
• CoCreateInstance.OLE32(0091FCF8,00000000,00000001,0091FB68,?), ref: 008F59AE
• CoUninitialize.OLE32 ref: 008F59CC
Strings
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
APIs
  • Part of subcall function 008E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008E0FCA
  • Part of subcall function 008E0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008E0FD6
  • Part of subcall function 008E0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008E0FE5
  • Part of subcall function 008E0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008E0FEC
  • Part of subcall function 008E0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008E1002
• GetLengthSid.ADVAPI32(?,00000000,008E1335), ref: 008E17AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 008E17BA
• HeapAlloc.KERNEL32(00000000), ref: 008E17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 008E17DA
• GetProcessHeap.KERNEL32(00000000,00000000,008E1335), ref: 008E17EE
• HeapFree.KERNEL32(00000000), ref: 008E17F5
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3008561057-0
                                                                                                                                                                                                                                                  • Opcode ID: 546342495914fb36edf5852b3dfc4aad99019eadc61b6f745775f5b4be402145
                                                                                                                                                                                                                                                  • Instruction ID: 1c4805842b9a2dabfe874ca72597a09a4996ecf0ff48d0b65105236f2889c4a2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 546342495914fb36edf5852b3dfc4aad99019eadc61b6f745775f5b4be402145
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A11A9726A8205FFDF109FA5CC49BAE7BA9FB46759F108018F881E7214C736A940DB60
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008E14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 008E1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008E1515
• CloseHandle.KERNEL32(00000004), ref: 008E1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008E154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 008E1563
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 4cebfa33414c8e0c9f468e95ef703bdf2bf5275dba6cd0b0b408a25422208a7c
• Instruction ID: 79ab608533d8f1f487975724a86f3f87f22432f4d39473a1f582c5b4c855a58d
• Opcode Fuzzy Hash: 4cebfa33414c8e0c9f468e95ef703bdf2bf5275dba6cd0b0b408a25422208a7c
• Instruction Fuzzy Hash: A2115CB260424DABDF118F94DD49BDE7BA9FF49708F048014FA05E21A0C3718E61EB60
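The chain in the entry above (GetCurrentProcess, OpenProcessToken, CreateEnvironmentBlock, CreateProcessWithLogonW, DestroyEnvironmentBlock) is the standard Win32 sequence for starting a child process under other credentials with that user's environment; the "?" arguments mean the sandbox could not resolve those values statically, so the user name, password and command line handed to CreateProcessWithLogonW are not visible in this listing. As an added example, not part of the Joe Sandbox report or its tooling, the Python below parses "APIs" blocks in this listing format (including the indented "Part of subcall function" lines that appear in other entries), counts unresolved arguments per function, and matches each function's call set against a small rule table. The sample input is constructed from entries on this page; the rule labels, API sets and thresholds are this example's own and are not Joe Sandbox signatures or its API ID algorithm.

```python
"""Triage helper for Joe Sandbox function listings (added example, not Joe Sandbox code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: two 'APIs' blocks copied in the listing's own line format.
SAMPLE = """\
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008E14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 008E1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008E1515
• CloseHandle.KERNEL32(00000004), ref: 008E1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008E154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 008E1563
Memory Dump Source
APIs
  • Part of subcall function 00899639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00899693
  • Part of subcall function 00899639: SelectObject.GDI32(?,00000000), ref: 008996A2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00918A4E
• EndPath.GDI32(?), ref: 00918A90
Memory Dump Source
"""

# One call line: optional subcall prefix, Api.MODULE(args), ref: address.
# Parentheses are optional because CRT entries look like '_free.LIBCMT ref: ...'.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z0-9_]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class Call:
    api: str
    module: str
    args: tuple
    ref: str                      # address of the call site
    subcall: Optional[str] = None # callee address when the line is 'Part of subcall function'

    @property
    def unresolved_args(self) -> int:
        """'?' marks an argument the sandbox could not resolve statically."""
        return sum(1 for a in self.args if a == "?")

def parse_api_blocks(text: str) -> list[list[Call]]:
    """Split the listing into one list of Call per 'APIs' block."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            blocks.append(current)
            continue
        m = CALL_RE.match(line) if current is not None else None
        if m:
            args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
            current.append(Call(m["api"], m["module"], args, m["ref"].upper(), m["sub"]))
        elif current is not None:
            current = None  # any other line (e.g. 'Memory Dump Source') closes the block
    return [b for b in blocks if b]

# Hypothetical rule table for this example: (APIs of interest, minimum distinct hits).
RULES = {
    "launches a process under other credentials":
        ({"CreateProcessWithLogonW", "CreateProcessWithTokenW", "CreateProcessAsUserW"}, 1),
    "derives a user environment from the process token":
        ({"OpenProcessToken", "CreateEnvironmentBlock", "DestroyEnvironmentBlock"}, 2),
    "GDI path drawing (UI code, not a threat indicator)":
        ({"BeginPath", "EndPath", "StrokePath", "MoveToEx", "LineTo", "ExtCreatePen"}, 3),
}

def match_rules(calls: list[Call]) -> list[tuple[str, list[str]]]:
    """Return (label, matched APIs) for every rule the function's call set satisfies."""
    names = {c.api for c in calls}
    findings = []
    for label, (apis, minimum) in RULES.items():
        hit = sorted(names & apis)
        if len(hit) >= minimum:
            findings.append((label, hit))
    return findings

def summarize(text: str) -> list[dict]:
    """One triage record per function block: call-site range, calls, subcallees, findings."""
    report = []
    for calls in parse_api_blocks(text):
        report.append({
            "ref_range": (min(c.ref for c in calls), max(c.ref for c in calls)),
            "direct": [c.api for c in calls if c.subcall is None],
            "subcalls": sorted({c.subcall for c in calls if c.subcall}),
            "unresolved_args": sum(c.unresolved_args for c in calls),
            "findings": match_rules(calls),
        })
    return report

if __name__ == "__main__":
    for rec in summarize(SAMPLE):
        print(rec["ref_range"], rec["unresolved_args"], [f[0] for f in rec["findings"]])
```

Feeding the whole report's function listing through summarize() gives a per-function view in which the token/logon chain stands out from CRT and GDI housekeeping, and the unresolved-argument count tells you which findings need a dynamic trace (API call log or debugger breakpoint on the ref address) before the actual credentials or target binary can be named.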
APIs
• GetLastError.KERNEL32(?,?,008A3379,008A2FE5), ref: 008A3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008A339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008A33B7
• SetLastError.KERNEL32(00000000,?,008A3379,008A2FE5), ref: 008A3409
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 60b9561830dbfbeac2b93ec720ac504ffb5b857869780f63e1fd807984ed25e1
• Instruction ID: 6ee616bbacbf461e43c94412ee40ff93b1dfcd4d536ab5a1397611864262d871
• Opcode Fuzzy Hash: 60b9561830dbfbeac2b93ec720ac504ffb5b857869780f63e1fd807984ed25e1
• Instruction Fuzzy Hash: 8501247271E311BEBE6427787C85A672B94FB273793200229F520C0AF0EF114D02B144
APIs
• GetLastError.KERNEL32(?,?,008B5686,008C3CD6,?,00000000,?,008B5B6A,?,?,?,?,?,008AE6D1,?,00948A48), ref: 008B2D78
• _free.LIBCMT ref: 008B2DAB
• _free.LIBCMT ref: 008B2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,008AE6D1,?,00948A48,00000010,00884F4A,?,?,00000000,008C3CD6), ref: 008B2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,008AE6D1,?,00948A48,00000010,00884F4A,?,?,00000000,008C3CD6), ref: 008B2DEC
• _abort.LIBCMT ref: 008B2DF2
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 3d32ca3fd856139ac462fc77e73703ad90162779b9897429da2d345f549f29fc
• Instruction ID: f185f2643d38204ac1d846ec666a8c8672a3e55a589da851fc8ad7a496aa1704
• Opcode Fuzzy Hash: 3d32ca3fd856139ac462fc77e73703ad90162779b9897429da2d345f549f29fc
• Instruction Fuzzy Hash: BAF0C875649A046BC622373CBC0AEEA2959FFC67A5F284518F834D23D6EF2488065162
APIs
  • Part of subcall function 00899639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00899693
  • Part of subcall function 00899639: SelectObject.GDI32(?,00000000), ref: 008996A2
  • Part of subcall function 00899639: BeginPath.GDI32(?), ref: 008996B9
  • Part of subcall function 00899639: SelectObject.GDI32(?,00000000), ref: 008996E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00918A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00918A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00918A70
• LineTo.GDI32(?,00000000,00000003), ref: 00918A80
• EndPath.GDI32(?), ref: 00918A90
• StrokePath.GDI32(?), ref: 00918AA0
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: a2f2b3692d8c34452dbec43ffd84f7627250728763ca3678504e5fd898ee9948
• Instruction ID: cb8fda8d3bde00c36009196442a4b08fa2ca04164ad8a65d79b3f0eecca3a543
• Opcode Fuzzy Hash: a2f2b3692d8c34452dbec43ffd84f7627250728763ca3678504e5fd898ee9948
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE11E576144108FFDF129F94EC88EEA7F6CEB08390F048012FA199A1A1C7719D55EBA0
APIs
• GetDC.USER32(00000000), ref: 008E5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 008E5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 008E5230
• ReleaseDC.USER32(00000000,00000000), ref: 008E5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 008E524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 008E5261
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 2454a815bb22edc89d2d6e7aa81e1266d3dc084ae2ab57ac166c210183a76660
• Instruction ID: 1b9abf71610119290a16c45e39029a8be3aaded0efd0a3a4e8302386f3db4c3b
• Opcode Fuzzy Hash: 2454a815bb22edc89d2d6e7aa81e1266d3dc084ae2ab57ac166c210183a76660
• Instruction Fuzzy Hash: F50184B5B44709BBEB105BA69C49A9EBF78FB48351F048065FA04E7281D6709800DF60
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00881BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00881BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00881C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00881C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00881C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00881C22
Decoded: the first argument is a virtual-key code, in order VK_LWIN (0x5B), VK_SHIFT (0x10), VK_LSHIFT (0xA0), VK_RSHIFT (0xA1), VK_CONTROL (0x11) and VK_MENU, i.e. Alt (0x12); the second argument 0 is MAPVK_VK_TO_VSC. The routine therefore caches the hardware scan codes of the modifier keys, which is what code that synthesizes keystrokes needs before it can emit them.
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 16c1cc44cfa73a163f3d4794591af7fc88826896cefd2f29628c6c2e01ec0569
• Instruction ID: 43b4f5ebbae07e587a17ff093cdc11bcb602bc819a3172fc047a8a804c40baec
• Opcode Fuzzy Hash: 16c1cc44cfa73a163f3d4794591af7fc88826896cefd2f29628c6c2e01ec0569
• Instruction Fuzzy Hash: 1D016CB094275ABDE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008EEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008EEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 008EEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008EEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008EEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008EEB75
Decoded: message 0x10 is WM_CLOSE; SendMessageTimeoutW is called with SMTO_ABORTIFHUNG (0x2) and a 500 ms (0x1F4) timeout; OpenProcess requests PROCESS_ALL_ACCESS (0x1F0FFF). The routine asks the target window to close, resolves the process that owns it and terminates that process outright, which is the window-kill sequence of the AutoIt runtime's WinKill(). Values printed past each API's real parameter count (OpenProcess takes three arguments, not sixteen) are stack contents the sandbox dumped alongside the call, not inputs to it.
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 999c1e9b310ea554daa40ce3d0443ba20b33e367aac32a9b737bbec789e1ca05
• Instruction ID: d8269ba321d3b336a7785e02badcfc7e32522e6530474677a142580f44988d9b
• Opcode Fuzzy Hash: 999c1e9b310ea554daa40ce3d0443ba20b33e367aac32a9b737bbec789e1ca05
• Instruction Fuzzy Hash: E4F090B2294159BBE72157529C0DEEF3A7CEFCAB51F008158F611D1090D7A01A01D6B4
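An added example, not part of the Joe Sandbox report and not code from the analysed sample: a small Python parser for the "APIs" bullets in these function records. It decodes the constants that appear in the MapVirtualKeyW record and in the PostMessageW/TerminateProcess record above (WM_CLOSE, SMTO_ABORTIFHUNG, PROCESS_ALL_ACCESS, the VK_* codes, MAPVK_VK_TO_VSC) and flags the close-then-terminate chain so that records like the second one can be triaged automatically. The two embedded records are copied from the listing; the function names, the `ApiCall` type and the stage-machine rule are my own choices, not anything the report defines, and only the leading argument positions are trusted because the sandbox prints stack contents past an API's real parameter list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One Joe Sandbox "APIs" bullet looks like:
#   • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 008EEB64
# Arguments are hex words, or '?' where the sandbox could not resolve a value.
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants seen in the records above (values from the Windows SDK headers).
WM_CLOSE = 0x0010
SMTO_ABORTIFHUNG = 0x0002
PROCESS_TERMINATE = 0x0001
PROCESS_ALL_ACCESS = 0x1F0FFF
MAPVK_VK_TO_VSC = 0
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # None where the report printed '?'
    ref: int                    # call-site address from the "ref:" field


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every API bullet in a record; lines that are not bullets are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = [a.strip() for a in m["args"].split(",") if a.strip()]
        args = [None if a == "?" else int(a, 16) for a in raw]
        calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16)))
    return calls


def describe(call: ApiCall) -> str:
    """Name the constants we recognise; everything else is echoed as the bare API name.
    Only the leading positions are trusted: the sandbox prints stack contents past an
    API's real parameter list (see the sixteen 'arguments' shown for OpenProcess)."""
    a = call.args
    if call.api.startswith(("PostMessage", "SendMessage")) and len(a) > 1 and a[1] == WM_CLOSE:
        desc = f"{call.api}: WM_CLOSE"
        if call.api.startswith("SendMessageTimeout") and len(a) > 5 and a[4] is not None:
            flags = "SMTO_ABORTIFHUNG" if a[4] & SMTO_ABORTIFHUNG else hex(a[4])
            desc += f", flags={flags}, timeout={a[5]} ms"
        return desc
    if call.api == "OpenProcess" and a and a[0] is not None:
        access = "PROCESS_ALL_ACCESS" if a[0] == PROCESS_ALL_ACCESS else hex(a[0])
        return f"OpenProcess: desired access {access}"
    if call.api.startswith("MapVirtualKey") and a and a[0] in VK_NAMES:
        map_type = a[1] if len(a) > 1 else None
        kind = "MAPVK_VK_TO_VSC" if map_type == MAPVK_VK_TO_VSC else f"map type {map_type}"
        return f"{call.api}: {VK_NAMES[a[0]]} ({kind})"
    return call.api


def finds_forced_window_kill(calls: List[ApiCall]) -> bool:
    """True when a record closes a window politely and then kills its owner:
    WM_CLOSE -> GetWindowThreadProcessId -> OpenProcess with the PROCESS_TERMINATE
    bit -> TerminateProcess, in that order (unrelated calls may sit in between)."""
    stage = 0
    for c in calls:
        a = c.args
        if stage == 0 and c.api.startswith(("PostMessage", "SendMessage")) and len(a) > 1 and a[1] == WM_CLOSE:
            stage = 1
        elif stage == 1 and c.api == "GetWindowThreadProcessId":
            stage = 2
        elif stage == 2 and c.api == "OpenProcess" and a and a[0] is not None and a[0] & PROCESS_TERMINATE:
            stage = 3
        elif stage == 3 and c.api == "TerminateProcess":
            return True
    return False


# Constructed input: the two records copied verbatim from the listing above.
WINKILL_RECORD = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008EEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008EEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 008EEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008EEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008EEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008EEB75
"""

MAPVK_RECORD = """\
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00881BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00881BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00881C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00881C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00881C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00881C22
"""

if __name__ == "__main__":
    for name, record in (("WinKill-style record", WINKILL_RECORD), ("MapVirtualKeyW record", MAPVK_RECORD)):
        calls = parse_api_lines(record)
        print(name, "- forced window kill:", finds_forced_window_kill(calls))
        for c in calls:
            print("  ", hex(c.ref), describe(c))
```

The stage machine is deliberately order-sensitive: an OpenProcess/TerminateProcess pair on its own is common in benign code, and it is the preceding WM_CLOSE plus the window-to-process resolution that marks this as a window kill rather than ordinary process management. To run it against a whole report, feed each "APIs" section to `parse_api_lines` separately so that the chain is only matched within one function.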
APIs
• GetClientRect.USER32(?), ref: 008D7452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 008D7469
• GetWindowDC.USER32(?), ref: 008D7475
• GetPixel.GDI32(00000000,?,?), ref: 008D7484
• ReleaseDC.USER32(?,00000000), ref: 008D7496
• GetSysColor.USER32(00000005), ref: 008D74B0
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 9cfff0de9047ecf77a32ec82c174b8760a7e477e6fba7236faf2fecfe0d5ba70
• Instruction ID: 4b83decb7dde45e624c6a0de3102081badacf3184200cfab1e24ca9c55346caf
• Opcode Fuzzy Hash: 9cfff0de9047ecf77a32ec82c174b8760a7e477e6fba7236faf2fecfe0d5ba70
• Instruction Fuzzy Hash: BF01AD71658219FFDB525F64DC08BEA7BB6FF04311F508164FA16A21A0CB311E41FB10
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008E187F
                                                                                                                                                                                                                                                  • UnloadUserProfile.USERENV(?,?), ref: 008E188B
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008E1894
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008E189C
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 008E18A5
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 008E18AC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 146765662-0
                                                                                                                                                                                                                                                  • Opcode ID: 7cb8e35eec3a947cfc24c5c257846f8c5574612d6318938ce1e8b57a4e4f5cf0
                                                                                                                                                                                                                                                  • Instruction ID: 53fa4ed2106f68cbf4abde07d7bddfb58067d64d9481d39f548b18be04cdae87
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cb8e35eec3a947cfc24c5c257846f8c5574612d6318938ce1e8b57a4e4f5cf0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6E0EDB669C211BBD7015FA1ED0C985BF39FF49721750C220F22581070CB725421EF50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00887620: _wcslen.LIBCMT ref: 00887625
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008EC6EE
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008EC735
                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008EC79C
                                                                                                                                                                                                                                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008EC7CA
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 85cc590fff1619605b0686513e9f16c81540251fd9a6581b049d583089be2737
                                                                                                                                                                                                                                                  • Instruction ID: 2b500c26fa6c46075b3b10a7efbd717e22b170c23f94ff9043d2e51ea270d9a1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85cc590fff1619605b0686513e9f16c81540251fd9a6581b049d583089be2737
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A651BE71A183809BD714AF2ECC85B6B7BE4FF9B314F040A2DF995D21A1DB60D8068B52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 0090AEA3
                                                                                                                                                                                                                                                    • Part of subcall function 00887620: _wcslen.LIBCMT ref: 00887625
                                                                                                                                                                                                                                                  • GetProcessId.KERNEL32(00000000), ref: 0090AF38
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0090AF67
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                  • String ID: <$@
                                                                                                                                                                                                                                                  • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                  • Opcode ID: b3eecfa7d59026714a16a92aa332534640893236f9d62f8f808bf5f6b5a1e9d5
                                                                                                                                                                                                                                                  • Instruction ID: 0b28187f59c2ad4b40feeb439870b3e52cf74244ef37e018f447fc039c8b9fce
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3eecfa7d59026714a16a92aa332534640893236f9d62f8f808bf5f6b5a1e9d5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29716C71A00615DFCB14EF58C484A9EBBF4FF08314F148499E856AB7A2CB74ED45CBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 008E7206
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 008E723C
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 008E724D
                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008E72CF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                  • String ID: DllGetClassObject
                                                                                                                                                                                                                                                  • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                  • Opcode ID: d774b500792d86591a09261700bb32266f86ecdd9122eca17353e0fef455a707
                                                                                                                                                                                                                                                  • Instruction ID: 9046a5ac70f75e809ee431b6649f75a0f6903df14bf59b71dc03e4a4ddfe5f5d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d774b500792d86591a09261700bb32266f86ecdd9122eca17353e0fef455a707
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D84181B1604245EFDB15CF55C884A9A7BB9FF46314F1480A9BE0ADF20AD7B1DD44CBA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00913E35
                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00913E4A
                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00913E92
                                                                                                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00913EA5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 70486dd3c9f76cd29d38c82f58fc44cfd4250b7f8b2c39a25fa86b1381c5cd83
                                                                                                                                                                                                                                                  • Instruction ID: f3f2ea58f542092dad57af89cf7c11a03a1326f6d4834cab811aa486cc71cdc1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70486dd3c9f76cd29d38c82f58fc44cfd4250b7f8b2c39a25fa86b1381c5cd83
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B4147B5A1430DAFDB10DF54D884AEABBB9FF49350F048129F915A7290D730AE84DF50
APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008E1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 008E1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 008E1EA9
  • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
Strings
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 0c4a550f5622134150740f637aa989bc448daf04b0747744a17ee1b0a2faf84d
• Instruction ID: a86716526c4387d2fbb832bfd71215706e6cad3df47449ad1263b84467b966c7
• Opcode Fuzzy Hash: 0c4a550f5622134150740f637aa989bc448daf04b0747744a17ee1b0a2faf84d
• Instruction Fuzzy Hash: 452101B1A00149BFDB18ABA9DC49CFFB7A8FF42364B144129F821E71E1DB3449099720
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: HKEY_LOCAL_MACHINE$HKLM
• API String ID: 176396367-4004644295
• Opcode ID: 5eb3ca718d6aab6ff36fc454b626b7596d0eb1fce94405dc7911f69ff89f9cea
• Instruction ID: ff3d1f0488b25ca189bbfeb153c3e04c633d2f5fbaaf35658d9d9b41120112ce
• Opcode Fuzzy Hash: 5eb3ca718d6aab6ff36fc454b626b7596d0eb1fce94405dc7911f69ff89f9cea
• Instruction Fuzzy Hash: EA3109B3B0016A4FCB30EF6C89505BF339AABA1750B194229EC45AB3C5E670CD44D3A1
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00912F8D
• LoadLibraryW.KERNEL32(?), ref: 00912F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00912FA9
• DestroyWindow.USER32(?), ref: 00912FB1
Strings
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 90efe359bf401b919a290a3d3f79ca9b8ed4ead5d8ca14518154a4c405dcde27
• Instruction ID: f673deab115d1b530e0165cf11000a2ea264f59c84a9b8521d29d3f3d5982bfd
• Opcode Fuzzy Hash: 90efe359bf401b919a290a3d3f79ca9b8ed4ead5d8ca14518154a4c405dcde27
• Instruction Fuzzy Hash: 9821AC71304209ABEB116FA4DC84FFB77BDEB59364F104618FA60D22A0D771DCA2A760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008A4D1E,008B28E9,?,008A4CBE,008B28E9,009488B8,0000000C,008A4E15,008B28E9,00000002), ref: 008A4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008A4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,008A4D1E,008B28E9,?,008A4CBE,008B28E9,009488B8,0000000C,008A4E15,008B28E9,00000002,00000000), ref: 008A4DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 4c35dd101238ba5324cd7ed5a0d88409c3abf6e211cb0064fd8b7e6277539da4
• Instruction ID: 67f54e99e3183c624d8b34fdb0fce4feafb5b33cd8d01d8461ff99d9b3da0fa4
• Opcode Fuzzy Hash: 4c35dd101238ba5324cd7ed5a0d88409c3abf6e211cb0064fd8b7e6277539da4
• Instruction Fuzzy Hash: E7F0AF74A94218BBEB109F94DC49BEDBBB8EF85751F0040A4F905E2660CB709940EA90
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00884EDD,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00884EAE
• FreeLibrary.KERNEL32(00000000,?,?,00884EDD,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884EC0
Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                  • Opcode ID: 2b00d753eb2eeea5f33f3b9971554962bc645640f85ca36ad24b6f724ec8c24f
                                                                                                                                                                                                                                                  • Instruction ID: c3e4581e1ff17ee4c98fa0c32201f9cc99ed69e8004a56943b5ed2cbc70d358f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b00d753eb2eeea5f33f3b9971554962bc645640f85ca36ad24b6f724ec8c24f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29E08C76BAA623AB93222B25AC18AAB6658FFC1B72B054115FC04E2200DB60CD01D2A0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,008C3CDE,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00884E74
• FreeLibrary.KERNEL32(00000000,?,?,008C3CDE,?,00951418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00884E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 399e58cb0f18ba77265622733d773200383ac2615eef1977439cdb376e1fc474
• Instruction ID: c8922bf6e51064f6bc0c6dde0f824cda70919d78cf2076d08943fefd26c71d26
• Opcode Fuzzy Hash: 399e58cb0f18ba77265622733d773200383ac2615eef1977439cdb376e1fc474
• Instruction Fuzzy Hash: E0D0C2327DA6226746322B246C08DCB2A18FF81B253458110B804E2110CF20CD01D2D0
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008F2C05
• DeleteFileW.KERNEL32(?), ref: 008F2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 008F2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008F2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008F2CC0
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 60e61eb115f463ed8d84212cca1c94d142114aebf8e75f75413631c174be33d7
• Instruction ID: 73a1b0f7daa3d859930960c3b6a8a3bfadd319eb9133963d8ad6b18fdf1b7177
• Opcode Fuzzy Hash: 60e61eb115f463ed8d84212cca1c94d142114aebf8e75f75413631c174be33d7
• Instruction Fuzzy Hash: 13B12F71D0011DABDF15EBA8CC85EEEBB7DFF49354F1040A6F609E6151EA309A448F62
APIs
• GetCurrentProcessId.KERNEL32 ref: 0090A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0090A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0090A468
• CloseHandle.KERNEL32(?), ref: 0090A63D
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 7d8d3cdb9a17c1937bd8f517deda4acc5d7d449f403618f3061981ac7edf0f52
• Instruction ID: 02cbe102863686fd486a20cdc8e650ab57499780be37faaa707428da84d77f5b
• Opcode Fuzzy Hash: 7d8d3cdb9a17c1937bd8f517deda4acc5d7d449f403618f3061981ac7edf0f52
• Instruction Fuzzy Hash: 39A12D716043019FE720EF28D886B2AB7E5BF84714F14885DF55ADB2D2DAB1EC418B92
APIs
  • Part of subcall function 008EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008ECF22,?), ref: 008EDDFD
  • Part of subcall function 008EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008ECF22,?), ref: 008EDE16
  • Part of subcall function 008EE199: GetFileAttributesW.KERNEL32(?,008ECF95), ref: 008EE19A
• lstrcmpiW.KERNEL32(?,?), ref: 008EE473
• MoveFileW.KERNEL32(?,?), ref: 008EE4AC
• _wcslen.LIBCMT ref: 008EE5EB
• _wcslen.LIBCMT ref: 008EE603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 008EE650
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: a2268581b581c1898c1a6c10e013a6b0fca5081e7045d1177fe746f08608d55e
• Instruction ID: d8ca24c22ef8667d0e205baa139412aeb5fb58040a41c071ff8401899896b320
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2268581b581c1898c1a6c10e013a6b0fca5081e7045d1177fe746f08608d55e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 115192B24087855BD724EB94C8819DB73ECFF86344F00492EF589D3191EE74A288875B
APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 0090C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0090B6AE,?,?), ref: 0090C9B5
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090C9F1
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA68
  • Part of subcall function 0090C998: _wcslen.LIBCMT ref: 0090CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0090BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0090BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0090BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0090BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0090BBB3
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: c6bf1b43cf6b00431b9fcf01a20efafab7a69d8f24994979f0f7b561586acbc0
• Instruction ID: 42274e5a8ec4417dcd3e5cb94af18f1ff20c7ead78c019d35961fc7724330a17
• Opcode Fuzzy Hash: c6bf1b43cf6b00431b9fcf01a20efafab7a69d8f24994979f0f7b561586acbc0
• Instruction Fuzzy Hash: 8E618271208241EFD714DF54C490E6ABBE9FF84308F54895DF4998B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 008E8BCD
• VariantClear.OLEAUT32 ref: 008E8C3E
• VariantClear.OLEAUT32 ref: 008E8C9D
• VariantClear.OLEAUT32(?), ref: 008E8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 008E8D3B
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 50f6a7896ffe9ba71da1e0b2e83b73c51e90ae8e943e60aae46985f89f34f031
• Instruction ID: 8742e53dc738a3d858bf3ceaa87e22ca074afae47975202e7031bd49804483ce
• Opcode Fuzzy Hash: 50f6a7896ffe9ba71da1e0b2e83b73c51e90ae8e943e60aae46985f89f34f031
• Instruction Fuzzy Hash: 455178B5A00659EFCB10CF69C884AAAB7F9FF8A314B158559F909DB350E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 008F8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 008F8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 008F8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 008F8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 008F8C5F
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: c701a99e316d5bf3ff7641b1249c9bca24ca988d00da7cf41f730306c75604c5
• Instruction ID: 418e3d48a4d15a8a7d71b5965388b15870dd19be2996dc4fa36a0e665d90c43c
• Opcode Fuzzy Hash: c701a99e316d5bf3ff7641b1249c9bca24ca988d00da7cf41f730306c75604c5
• Instruction Fuzzy Hash: 2C513935A00219DFCB04EF68C880A6DBBF5FF48314F088458E959AB362CB31ED41CBA1
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00908F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00908FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00908FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00909032
• FreeLibrary.KERNEL32(00000000), ref: 00909052
  • Part of subcall function 0089F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,008F1043,?,753CE610), ref: 0089F6E6
  • Part of subcall function 0089F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,008DFA64,00000000,00000000,?,?,008F1043,?,753CE610,?,008DFA64), ref: 0089F70D
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 85114efc0098d137dd4aefe98e39f4c5228f16f0fb0a585331cd7da80fef6b1e
• Instruction ID: a175a42a655f9c48a9bec03a7c8c2fd256fe542e67b0e58d33640b3ea171f5c4
• Opcode Fuzzy Hash: 85114efc0098d137dd4aefe98e39f4c5228f16f0fb0a585331cd7da80fef6b1e
• Instruction Fuzzy Hash: 77515E75605205DFC715EF68C4848AEBBF5FF49314B0880A8E945AB3A2DB31ED86CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00916C33
                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,?), ref: 00916C4A
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00916C73
                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,008FAB79,00000000,00000000), ref: 00916C98
                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00916CC7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3688381893-0
                                                                                                                                                                                                                                                  • Opcode ID: db285aae2c299a13c0852dc376c5edc3b0a6051df1e853477ea9f3f90e840978
                                                                                                                                                                                                                                                  • Instruction ID: 66eafde6eca739873107babcdaaf1862526ebb6ba89c8c1345d741eed0e4cb22
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db285aae2c299a13c0852dc376c5edc3b0a6051df1e853477ea9f3f90e840978
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F41D475F08108AFD724CF28CD58FE97BA9EB09350F154268FAD5A72E0C371AD81DA80
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 489f4ca71329019d007f0680620dbaf208071838c674fa3c483fc9916826bf0d
                                                                                                                                                                                                                                                  • Instruction ID: 9e1af4d23ca34fd631c809238e997f77117ac6794f1a34821b441b294ec2cb5a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 489f4ca71329019d007f0680620dbaf208071838c674fa3c483fc9916826bf0d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D41D272A00604AFCB24EF7CC881A9DB7A5FF89314F1545A8E615EB356DB31AD01DB81
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00899141
                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 0089915E
                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000001), ref: 00899183
                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000002), ref: 0089919D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4210589936-0
                                                                                                                                                                                                                                                  • Opcode ID: ee8702d199572d6454501e066b28efe187950abb947a57a67ba48581775112ca
                                                                                                                                                                                                                                                  • Instruction ID: cf573b5afdac447a8c42d3940911f5fefa675892e7c08093da0794af897d1bb6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee8702d199572d6454501e066b28efe187950abb947a57a67ba48581775112ca
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A417F71A0861AFBDF05AF68C844BEEB774FB05324F24831AE465E32D0D7346990DB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetInputState.USER32 ref: 008F38CB
                                                                                                                                                                                                                                                  • TranslateAcceleratorW.USER32(?,00000000,?), ref: 008F3922
                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 008F394B
                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 008F3955
                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008F3966
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2256411358-0
                                                                                                                                                                                                                                                  • Opcode ID: 5d6d92dec09034e96ff2785e93d2d506f632dd8fcc077928a23e17b4b6bccfd3
                                                                                                                                                                                                                                                  • Instruction ID: eb826702e7151211e9173103de345a52a93795de08f4514f945199ca6a403df5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d6d92dec09034e96ff2785e93d2d506f632dd8fcc077928a23e17b4b6bccfd3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D31F77071834A9FEB35CB35D818BB63FA8FB02345F04056DE662C21A0E3F49A85DB11
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,008FC21E,00000000), ref: 008FCF38
                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,?,?), ref: 008FCF6F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,?,?,008FC21E,00000000), ref: 008FCFB4
                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,008FC21E,00000000), ref: 008FCFC8
                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,008FC21E,00000000), ref: 008FCFF2
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 24775c84d425578034623eb61ac0c0515efc2e81d49a3555e8ab8b50decd7a53
• Instruction ID: 900c663bb1972c336c1d3e5656dd11c60f75cd93c26e5c7750787d7b4c8e5775
• Opcode Fuzzy Hash: 24775c84d425578034623eb61ac0c0515efc2e81d49a3555e8ab8b50decd7a53
• Instruction Fuzzy Hash: 00314BB160420DAFDB24DFA5C984ABABBF9FB14355B10842EF616D2141DB70AE41DB60

APIs
• GetWindowRect.USER32(?,?), ref: 008E1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 008E19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 008E19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 008E19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 008E19E2
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 292fca12b91aa65f59b0049bb96d1519056a2a2dba989d6fe6c51fe8b549fdc0
• Instruction ID: 45d0c0b34c567b8bd6bf8745cef0366e945383adb5a0b30e6287bea2853052bf
• Opcode Fuzzy Hash: 292fca12b91aa65f59b0049bb96d1519056a2a2dba989d6fe6c51fe8b549fdc0
• Instruction Fuzzy Hash: E9319C71A14259EFCB00DFA9C99DAEE3BB5FB05315F108229F921EB2D2C7709944DB90

APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00915745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0091579D
• _wcslen.LIBCMT ref: 009157AF
• _wcslen.LIBCMT ref: 009157BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00915816
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: 07acf8d69f10ec82ba2496874d4ea0faa4eda871a59daada13650bd0715bc11a
• Instruction ID: 96331fd5c0b986bb3ccdea8bc9e9a5a070c2bf319b3a31df416e009c94bf07f6
• Opcode Fuzzy Hash: 07acf8d69f10ec82ba2496874d4ea0faa4eda871a59daada13650bd0715bc11a
• Instruction Fuzzy Hash: 0C21D570A0460CDADB209FA5CC85AEEBBBCFF84324F118616E919EA1D0D77089C5CF50

APIs
• IsWindow.USER32(00000000), ref: 00900951
• GetForegroundWindow.USER32 ref: 00900968
• GetDC.USER32(00000000), ref: 009009A4
• GetPixel.GDI32(00000000,?,00000003), ref: 009009B0
• ReleaseDC.USER32(00000000,00000003), ref: 009009E8
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: e4f547c77f3bd375100b4fb7ed7963eec3a82a72fcba2b66c7fb18f2f68049d7
• Instruction ID: 35568849f4ff13cc454039c7db53a81bc24f8f66171de0bdcfba27c87ef828c4
• Opcode Fuzzy Hash: e4f547c77f3bd375100b4fb7ed7963eec3a82a72fcba2b66c7fb18f2f68049d7
• Instruction Fuzzy Hash: B7218175700204AFD704EF69D888AAEBBE9FF85740F048468E95AD7362CB70AC04DB51

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 008BCDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008BCDE9
  • Part of subcall function 008B3820: RtlAllocateHeap.NTDLL(00000000,?,00951444,?,0089FDF5,?,?,0088A976,00000010,00951440,008813FC,?,008813C6,?,00881129), ref: 008B3852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008BCE0F
• _free.LIBCMT ref: 008BCE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008BCE31
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: e289301054742d89dcfe1cb8a4d94776f59d7aca2a8e49995c2590b9a923dd33
• Instruction ID: 0f4e22be6a44e4f9cf05c00b39329792ba541314d88af4d8c4f921904f28302d
• Opcode Fuzzy Hash: e289301054742d89dcfe1cb8a4d94776f59d7aca2a8e49995c2590b9a923dd33
• Instruction Fuzzy Hash: 540184B2745215BF23211ABAAC88DFF6A6DFEC6BA13154129F905DB301EB61CD0291B1
APIs
• GetSysColor.USER32(00000008), ref: 008998CC
• SetTextColor.GDI32(?,?), ref: 008998D6
• SetBkMode.GDI32(?,00000001), ref: 008998E9
• GetStockObject.GDI32(00000005), ref: 008998F1
• GetWindowLongW.USER32(?,000000EB), ref: 00899952
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID:
• API String ID: 1860813098-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00899693
• SelectObject.GDI32(?,00000000), ref: 008996A2
• BeginPath.GDI32(?), ref: 008996B9
• SelectObject.GDI32(?,00000000), ref: 008996E2
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
APIs
• GetLastError.KERNEL32(?,?,?,008AF2DE,008B3863,00951444,?,0089FDF5,?,?,0088A976,00000010,00951440,008813FC,?,008813C6), ref: 008B2DFD
• _free.LIBCMT ref: 008B2E32
• _free.LIBCMT ref: 008B2E59
• SetLastError.KERNEL32(00000000,00881129), ref: 008B2E66
• SetLastError.KERNEL32(00000000,00881129), ref: 008B2E6F
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?,?,008E035E), ref: 008E002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?), ref: 008E0046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?), ref: 008E0054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?), ref: 008E0064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008DFF41,80070057,?,?), ref: 008E0070
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
                                                                                                                                                                                                                                                  • Opcode ID: 56ae902700c9b1215ea5f80cec37d52fdc2ef9d2592ea21b550aed30c7e8b8cd
                                                                                                                                                                                                                                                  • Instruction ID: c60188996b353cca8a4f698febaf4b25f3d7e4d1bc3a2e797e013caef28d64d9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56ae902700c9b1215ea5f80cec37d52fdc2ef9d2592ea21b550aed30c7e8b8cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6601DBB2710604BFDB119F6AEC44BAA7AADFB44392F148424FC01D2210E7B0CD80EBA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 008EE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 008EE9A5
• Sleep.KERNEL32(00000000), ref: 008EE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 008EE9B7
• Sleep.KERNEL32 ref: 008EE9F3
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 6bfdb76177a11d46d590ec428afa0e2861bdc8dcd933a8ede590353e652178e3
• Instruction ID: 12962bf8aefc5d0c7a6bad86e2fc3a67bf77021b9c824b743aba9a347ce41cb3
• Opcode Fuzzy Hash: 6bfdb76177a11d46d590ec428afa0e2861bdc8dcd933a8ede590353e652178e3
• Instruction Fuzzy Hash: E0015771D4962DEBCF00ABE6D849AEDBBB8FB0A300F004546E502F2242CB309550DBA1
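The chain listed for this function (two QueryPerformanceCounter reads bracketing a Sleep, with QueryPerformanceFrequency for scaling) is the shape behind execution-timing signatures: code measures how long a known delay takes and treats an implausible elapsed value as a sign of single-stepping or clock acceleration. With a Sleep(00000000) in the middle it is equally what a runtime's timer calibration looks like, so the pattern on its own is weak evidence and should be read together with the rest of the verdict. The following Python is an added example, not part of the Joe Sandbox report or of the sample: it parses "APIs" bullets in this report's format and flags the read/delay/re-read triple. The sample lines are copied from this report; the additional clock and delay names in TIMER_APIS and DELAY_APIS are assumptions that extend the page's QueryPerformanceCounter/Sleep case to the other common timers.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input: the "APIs" list of the timing function above, and the
# token-size-probe function further down, which must NOT match. Copied from this report.
SAMPLE_TIMING = """
• QueryPerformanceCounter.KERNEL32(?), ref: 008EE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 008EE9A5
• Sleep.KERNEL32(00000000), ref: 008EE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 008EE9B7
• Sleep.KERNEL32 ref: 008EE9F3
"""
SAMPLE_TOKEN = """
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008E0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008E0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008E0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008E0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008E1002
"""

# One "APIs" bullet: Name.MODULE(args), ref: ADDRESS  (the argument list may be absent,
# as in the final Sleep above; args may contain nested parentheses, so match greedily)
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Clock reads and delays that a timing check brackets. Assumed sets: the report shows only
# QueryPerformanceCounter and Sleep; the other names are the usual alternatives.
TIMER_APIS = {"QueryPerformanceCounter", "GetTickCount", "GetTickCount64", "timeGetTime"}
DELAY_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int  # call-site address taken from the "ref:" field


def parse_api_calls(text: str) -> List[ApiCall]:
    """Parse the 'APIs' bullets of one function, keeping report order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = tuple(a.strip() for a in raw.split(",") if a.strip())
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def find_timing_checks(calls: List[ApiCall]) -> List[Tuple[ApiCall, ApiCall, ApiCall]]:
    """Return (read, delay, re-read) triples: the same clock sampled before and after a delay."""
    hits = []
    for i, first in enumerate(calls):
        if first.api not in TIMER_APIS:
            continue
        delay = None
        for later in calls[i + 1:]:
            if later.api in DELAY_APIS:
                if delay is None:          # remember the first delay after the read
                    delay = later
            elif later.api == first.api:
                if delay is not None:      # read -> delay -> same clock read again
                    hits.append((first, delay, later))
                break                      # a second read closes this window either way
    return hits


def describe(hits: List[Tuple[ApiCall, ApiCall, ApiCall]]) -> List[str]:
    """Human-readable one-liners for triage notes."""
    return [
        f"timing check {r1.ref:08X}: {r1.api} -> {d.api}({','.join(d.args)}) @ {d.ref:08X}"
        f" -> {r2.api} @ {r2.ref:08X}"
        for r1, d, r2 in hits
    ]


if __name__ == "__main__":
    for label, sample in (("timing fn", SAMPLE_TIMING), ("token fn", SAMPLE_TOKEN)):
        found = describe(find_timing_checks(parse_api_calls(sample)))
        print(label, "->", found or "no timing pattern")
```

The parser deliberately keeps the tool's recovered stack arguments (the `?` placeholders and the values that merely happen to be on the stack) as opaque strings; only the API names and their order drive the match, which is what the signature itself keys on.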
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008E1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008E0B9B,?,?,?), ref: 008E1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008E114D
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 01cb1f782e2c8bc561d92caaf33b4f1b7579b61c04a7ef8081706e58cd692527
• Instruction ID: 05ae58587b1f3892233058a1b4dd468b9a17aacfd3270e5ee859c04811714680
• Opcode Fuzzy Hash: 01cb1f782e2c8bc561d92caaf33b4f1b7579b61c04a7ef8081706e58cd692527
• Instruction Fuzzy Hash: 15011DB9254305BFDF114F65DC4DAAA3B6EFF86360B104415FA45D7350DA71DC10DA60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008E0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008E0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008E0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008E0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008E1002
Note: class 00000002 is TokenGroups. A first call with a zero-length buffer, GetLastError, a heap allocation and a second call is the standard two-call size probe for variable-length token data; the GetProcessHeap/HeapAlloc pair here only backs that allocation.
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: ee9be68e9f1da497d79d4357029b968ea965b969e1839b9685164aa5f99cdea5
• Instruction ID: c48741309444fed7537d2de6868ed0a334afa677db1f898cac28567153684329
• Opcode Fuzzy Hash: ee9be68e9f1da497d79d4357029b968ea965b969e1839b9685164aa5f99cdea5
• Instruction Fuzzy Hash: 59F0AF79284301BBDB210FA59C4DF963B6EFF8A761F518414F905C6290CA30DC40DA60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008E102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008E1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008E1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008E104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008E1062
Note: the symbolic label the report attaches to this argument is wrong. TOKEN_INFORMATION_CLASS value 3 is TokenPrivileges; TokenIntegrityLevel is value 25. The raw value 00000003 is what the code passes, and the call sequence is the same two-call size probe as the TokenGroups function above.
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 4ed47c654f51da3aea53cbadcd28507a09d6119c4f28e71af74fafd5c30ff2f1
• Instruction ID: 2eba6c99b093d26468d6847e08c90dd9469685e713b3a63b0608c10d961d67e9
• Opcode Fuzzy Hash: 4ed47c654f51da3aea53cbadcd28507a09d6119c4f28e71af74fafd5c30ff2f1
• Instruction Fuzzy Hash: 9CF0CDB9284301FBDB215FA5EC4CF963BAEFF8A761F114424FA05C7250CA30D840DA60
APIs
• CloseHandle.KERNEL32(?,?,?,?,008F017D,?,008F32FC,?,00000001,008C2592,?), ref: 008F0324
• CloseHandle.KERNEL32(?,?,?,?,008F017D,?,008F32FC,?,00000001,008C2592,?), ref: 008F0331
• CloseHandle.KERNEL32(?,?,?,?,008F017D,?,008F32FC,?,00000001,008C2592,?), ref: 008F033E
• CloseHandle.KERNEL32(?,?,?,?,008F017D,?,008F32FC,?,00000001,008C2592,?), ref: 008F034B
• CloseHandle.KERNEL32(?,?,?,?,008F017D,?,008F32FC,?,00000001,008C2592,?), ref: 008F0358
• CloseHandle.KERNEL32(?,?,?,?,008F017D,?,008F32FC,?,00000001,008C2592,?), ref: 008F0365
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                  • Opcode ID: 86cc8647afec7b11613ff47499c9f0792f5b4f62f2aa40dc65d1d04f1ef5d3d7
                                                                                                                                                                                                                                                  • Instruction ID: 9adc845cc69336650d192eef3db4b3ed2ad06894ae4e25b88fede564e1ab4985
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86cc8647afec7b11613ff47499c9f0792f5b4f62f2aa40dc65d1d04f1ef5d3d7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F01A272800B199FC7309F66D880822F7F5FF503153158A3FD29692A32C371A955DF80
APIs
• _free.LIBCMT ref: 008BD752
  • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
  • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
• _free.LIBCMT ref: 008BD764
• _free.LIBCMT ref: 008BD776
• _free.LIBCMT ref: 008BD788
• _free.LIBCMT ref: 008BD79A
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: cd7f2af3f5b828f2bf0d15fc4cb3cb52c039165c97d1b13749d380c5315126ad
• Instruction ID: 8f462fdf409c519d11c6e35b488cf8a6a0844bf06594cf2e6758d3cefc09afb8
• Opcode Fuzzy Hash: cd7f2af3f5b828f2bf0d15fc4cb3cb52c039165c97d1b13749d380c5315126ad
• Instruction Fuzzy Hash: 47F0F97655A308BB8665EB68F9C6DDA7BDDFB45710BA40C05F048E7702DB20FC808A69
APIs
• GetDlgItem.USER32(?,000003E9), ref: 008E5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 008E5C6F
• MessageBeep.USER32(00000000), ref: 008E5C87
• KillTimer.USER32(?,0000040A), ref: 008E5CA3
• EndDialog.USER32(?,00000001), ref: 008E5CBD
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 085b300f09f864d4973d59aeb019445520f47cf99e58f14ee45059f26d2e5b98
• Instruction ID: 4b24ede05611f118bcb5f986b239f2afd0db40b1cc09bbe53f06d5cf6ee4fd73
• Opcode Fuzzy Hash: 085b300f09f864d4973d59aeb019445520f47cf99e58f14ee45059f26d2e5b98
• Instruction Fuzzy Hash: B801F470640B04ABEB205B11DD5EFE677B8FF05B49F000159B283E10E1DBF4A984DB90
APIs
• _free.LIBCMT ref: 008B22BE
  • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
  • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
• _free.LIBCMT ref: 008B22D0
• _free.LIBCMT ref: 008B22E3
• _free.LIBCMT ref: 008B22F4
• _free.LIBCMT ref: 008B2305
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b0c9ff87da569c60488d0ca5a6914d3d98192d24089c04d1a3ba1364dbd0694f
• Instruction ID: 094db9b7b112ca395bcb75fc37a46cd72ef30f22e4d289523c8d2f1140431dce
• Opcode Fuzzy Hash: b0c9ff87da569c60488d0ca5a6914d3d98192d24089c04d1a3ba1364dbd0694f
• Instruction Fuzzy Hash: 3BF0F4B54293109FC652AF59BC01E983F65F719752B050A06F818D6371C7310555BFE6
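The per-function blocks in this section follow a fixed layout: an `APIs` list (direct calls, plus calls inherited from callees marked "Part of subcall function"), then `Memory Dump Source`, `Joe Sandbox IDA Plugin` and `Similarity` key/value lines. As an added example, not part of the Joe Sandbox report or its IDA plugin, the Python below parses those blocks into records so that each function's API set and fuzzy hashes can be searched or compared across samples. The sample input is two blocks copied from this report (the `_free` wrapper and the dialog procedure) with most of the repeated `Associated` lines trimmed; the record layout and the `find_by_api` helper are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Sample input: two blocks copied from the report above, "Associated" lines trimmed.
# The "Download File" suffix on an Associated line is residue of the report's link.
SAMPLE = """APIs
• _free.LIBCMT ref: 008BD752
  • Part of subcall function 008B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000), ref: 008B29DE
  • Part of subcall function 008B29C8: GetLastError.KERNEL32(00000000,?,008BD7D1,00000000,00000000,00000000,00000000,?,008BD7F8,00000000,00000007,00000000,?,008BDBF5,00000000,00000000), ref: 008B29F0
• _free.LIBCMT ref: 008BD764
• _free.LIBCMT ref: 008BD776
• _free.LIBCMT ref: 008BD788
• _free.LIBCMT ref: 008BD79A
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Instruction Fuzzy Hash: 47F0F97655A308BB8665EB68F9C6DDA7BDDFB45710BA40C05F048E7702DB20FC808A69
APIs
• GetDlgItem.USER32(?,000003E9), ref: 008E5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 008E5C6F
• MessageBeep.USER32(00000000), ref: 008E5C87
• KillTimer.USER32(?,0000040A), ref: 008E5CA3
• EndDialog.USER32(?,00000001), ref: 008E5CBD
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Instruction ID: 4b24ede05611f118bcb5f986b239f2afd0db40b1cc09bbe53f06d5cf6ee4fd73
• Instruction Fuzzy Hash: B801F470640B04ABEB205B11DD5EFE677B8FF05B49F000159B283E10E1DBF4A984DB90
"""

SECTION_HEADERS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API line: optional subcall prefix, Api.MODULE, optional (args), ref: address.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: str                 # address of the call site
    parent: str | None       # callee address when the call is inherited from a subcall


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    meta: dict[str, str] = field(default_factory=dict)
    associated: list[str] = field(default_factory=list)

    @property
    def api_set(self) -> set[str]:
        return {c.api for c in self.calls}

    @property
    def direct_calls(self) -> list[ApiCall]:
        return [c for c in self.calls if c.parent is None]

    @property
    def instruction_fuzzy_hash(self) -> str | None:
        return self.meta.get("Instruction Fuzzy Hash")


def parse_report(text: str) -> list[FunctionRecord]:
    """Split the report text into one FunctionRecord per 'APIs' block."""
    records: list[FunctionRecord] = []
    current: FunctionRecord | None = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":               # every function block starts here
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None:                  # tail of a block that started before the text
            continue
        body = line.lstrip("•").strip().removesuffix("Download File").strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                args = m["args"].split(",") if m["args"] else []
                current.calls.append(ApiCall(m["api"], m["module"], args, m["ref"], m["parent"]))
        else:
            key, _, value = body.partition(":")
            if key.strip() == "Associated":
                current.associated.append(value.strip())
            else:
                current.meta[key.strip()] = value.strip()
    return records


def find_by_api(records: list[FunctionRecord], required: set[str]) -> list[FunctionRecord]:
    """Return the functions whose API set contains every name in `required`."""
    return [r for r in records if required <= r.api_set]


if __name__ == "__main__":
    for rec in find_by_api(parse_report(SAMPLE), {"EndDialog", "KillTimer"}):
        print(rec.meta["API ID"], rec.instruction_fuzzy_hash)
```

The `Instruction Fuzzy Hash` and `API ID` fields are what make these records useful beyond a single report: the same hash recurring in another sample's function listing is a cheap indicator of shared code, and `find_by_api` lets you pull out, say, every function that both ends a dialog and kills a timer without reading through thousands of blocks by hand.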
APIs
• EndPath.GDI32(?), ref: 008995D4
• StrokeAndFillPath.GDI32(?,?,008D71F7,00000000,?,?,?), ref: 008995F0
• SelectObject.GDI32(?,00000000), ref: 00899603
• DeleteObject.GDI32 ref: 00899616
• StrokePath.GDI32(?), ref: 00899631
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
                                                                                                                                                                                                                                                  • API String ID: 2625713937-0
                                                                                                                                                                                                                                                  • Opcode ID: e73b13ac8cbf16f8b3401d4065b0deca717b4abcfb9cc247f25d8b164361014a
                                                                                                                                                                                                                                                  • Instruction ID: bee4a5ec1d1f31c6bfad2a53be1ffaa83be4d12818451adde1a9b22591861d4b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e73b13ac8cbf16f8b3401d4065b0deca717b4abcfb9cc247f25d8b164361014a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75F0F67016D308EBDB126F6AFD287A93B61FB15363F088218E4A5950F0C7308991EF64
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __freea$_free
                                                                                                                                                                                                                                                  • String ID: a/p$am/pm
                                                                                                                                                                                                                                                  • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                  • Opcode ID: d37a70634484d706aff039986c77e9f2467fa5d58c2abdcddc2f446e03ff6600
                                                                                                                                                                                                                                                  • Instruction ID: 357069228142d3a2a177b64138ce1e005bcbf63e61a85bda51c2303d2a0f8247
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d37a70634484d706aff039986c77e9f2467fa5d58c2abdcddc2f446e03ff6600
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AD1C13190020A9ADF249F68C86DAFABBB1FF09704FA84159E501DFB50E7799D81CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008A0242: EnterCriticalSection.KERNEL32(0095070C,00951884,?,?,0089198B,00952518,?,?,?,008812F9,00000000), ref: 008A024D
                                                                                                                                                                                                                                                    • Part of subcall function 008A0242: LeaveCriticalSection.KERNEL32(0095070C,?,0089198B,00952518,?,?,?,008812F9,00000000), ref: 008A028A
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                    • Part of subcall function 008A00A3: __onexit.LIBCMT ref: 008A00A9
                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00907BFB
                                                                                                                                                                                                                                                    • Part of subcall function 008A01F8: EnterCriticalSection.KERNEL32(0095070C,?,?,00898747,00952514), ref: 008A0202
                                                                                                                                                                                                                                                    • Part of subcall function 008A01F8: LeaveCriticalSection.KERNEL32(0095070C,?,00898747,00952514), ref: 008A0235
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                  • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                  • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                  • Opcode ID: 74eee41ac137f9ec28de0af9c9c34e4fbd0763e938dbea66e3170a270de72b08
                                                                                                                                                                                                                                                  • Instruction ID: 72aeb5441c1d2cd46e35cba68fa043e6fbea041c68f39476d237e1ae2ea6ebbf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74eee41ac137f9ec28de0af9c9c34e4fbd0763e938dbea66e3170a270de72b08
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9919A70A04209EFCB14EF98D8819BEB7B5FF49310F148459F846AB2D2DB71AE81CB51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008EB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008E21D0,?,?,00000034,00000800,?,00000034), ref: 008EB42D
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 008E2760
                                                                                                                                                                                                                                                    • Part of subcall function 008EB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008E21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 008EB3F8
                                                                                                                                                                                                                                                    • Part of subcall function 008EB32A: GetWindowThreadProcessId.USER32(?,?), ref: 008EB355
                                                                                                                                                                                                                                                    • Part of subcall function 008EB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,008E2194,00000034,?,?,00001004,00000000,00000000), ref: 008EB365
                                                                                                                                                                                                                                                    • Part of subcall function 008EB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,008E2194,00000034,?,?,00001004,00000000,00000000), ref: 008EB37B
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008E27CD
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008E281A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                  • Opcode ID: 6e9c9a862e1a8e598f978f1c990c8ec9c77c31d881a38d28fb8f7e6aac189671
                                                                                                                                                                                                                                                  • Instruction ID: 2e7800529742407eb754b01d8f0f1028c9c96caf595f414bef8b146b6b228c6d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e9c9a862e1a8e598f978f1c990c8ec9c77c31d881a38d28fb8f7e6aac189671
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26411D72900218BFDB10DBA9CD46ADEBBB8FF0A700F104055FA55B7181DB706E45CBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 008B1769
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008B1834
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 008B183E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                  • API String ID: 2506810119-1957095476
                                                                                                                                                                                                                                                  • Opcode ID: ec13a0e81c84c12ab6dec53dfd9a2407110248ce2d99e9ef7d9bc5ecbc43845c
                                                                                                                                                                                                                                                  • Instruction ID: ddba342ff9c5e9a58590e9856f3e6a5eb6ef518c31694187e4a2741bb905d48e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec13a0e81c84c12ab6dec53dfd9a2407110248ce2d99e9ef7d9bc5ecbc43845c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96318E71A44218ABDF21DF999889EDEBBFCFB85310F504166F814DB311DA708E40DB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 008EC306
                                                                                                                                                                                                                                                  • DeleteMenu.USER32(?,00000007,00000000), ref: 008EC34C
                                                                                                                                                                                                                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00951990,00AD5768), ref: 008EC395
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 53c067321636d91abb4d04e282b46e38aba478ea3c209dc7d5bec7d25492a5f4
                                                                                                                                                                                                                                                  • Instruction ID: c83f7f55a2ddd82cd8f5b25d588049ae9d07a0a2962c28545a9f9cd3a2a92fb7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53c067321636d91abb4d04e282b46e38aba478ea3c209dc7d5bec7d25492a5f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41418E71608381AFD720DF2AD844B5BBBA8FB86314F04861DF9A5D73D1D730A905CB62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0091CC08,00000000,?,?,?,?), ref: 009144AA
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32 ref: 009144C7
                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009144D7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Long
                                                                                                                                                                                                                                                  • String ID: SysTreeView32
                                                                                                                                                                                                                                                  • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                  • Opcode ID: cfcb732d9b54c019aa6ec4643d50ac387f560d189743552a173bd04cea866852
                                                                                                                                                                                                                                                  • Instruction ID: e7fa08f033c213ca666279565c3425ba940e702dcd29e6a72e2116a6adfe790d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfcb732d9b54c019aa6ec4643d50ac387f560d189743552a173bd04cea866852
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01319A72314609ABDF209E38DC45BEA7BAAEB08334F204725F975A21E0D770AC909B50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0090335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00903077,?,?), ref: 00903378
                                                                                                                                                                                                                                                  • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0090307A
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 0090309B
                                                                                                                                                                                                                                                  • htons.WSOCK32(00000000,?,?,00000000), ref: 00903106
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                  • String ID: 255.255.255.255
                                                                                                                                                                                                                                                  • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                  • Opcode ID: 74dc7423c998ac4a342cc36ecbbd9e5f75fa79a141682b8c17d547f705916e2e
                                                                                                                                                                                                                                                  • Instruction ID: 341eeb10eb42ad59b1d1c2935616e05a910f6899a85399c53fa2c8d01054d73d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74dc7423c998ac4a342cc36ecbbd9e5f75fa79a141682b8c17d547f705916e2e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4731B0392042059FCB20CF29C485EAA77F8EF55318F24C499E8158B7D2DB72EE45C761
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00913F40
                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00913F54
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00913F78
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MessageSend$Window
                                                                                                                                                                                                                                                  • String ID: SysMonthCal32
                                                                                                                                                                                                                                                  • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                  • Opcode ID: f2be39259e1ca26ff02c878e9c58faf30685270ccf08df63c73bf365ead6fe95
                                                                                                                                                                                                                                                  • Instruction ID: 06efe42a3f5ae2e07449aa92bfcfccb8452eb01e830fcb453001967ab6705c10
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2be39259e1ca26ff02c878e9c58faf30685270ccf08df63c73bf365ead6fe95
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D121BC32610219BFEF218F94CC46FEA3B79EB88724F114214FA15BB1D0D6B1A891DB90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00914705
                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00914713
                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0091471A
                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: d26e6e718e4e84d429826a7da7729b7b637044370cb23924c22ed6b4215b22a2
• Instruction ID: 06967de18fadb1b7150218a99c32b03b32ea3c023c94bc5594a90f5cedc403da
• Opcode Fuzzy Hash: d26e6e718e4e84d429826a7da7729b7b637044370cb23924c22ed6b4215b22a2
• Instruction Fuzzy Hash: 4A216DB5604209AFEB11DF68DCD1DA737ADEB9A7A8B040059FA00DB291CB70EC51DB61
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: 977c681e4c74fc384e9b716e43ca0307cde0a48c6e1f5f4564aad981f5f9902e
• Instruction ID: 54b323c02ce2dd1cd3e989ae72c07c12ac2135ca19be156bb4b49930e9c6de24
• Opcode Fuzzy Hash: 977c681e4c74fc384e9b716e43ca0307cde0a48c6e1f5f4564aad981f5f9902e
• Instruction Fuzzy Hash: 7B216872204694A6D731BB2A9C02FBB73A8FFA3304F144426F989D7051EBD49D91C3A2
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00913840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00913850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00913876
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 079cd0494f7074f991952ef6df0151e1f7d4511d5bd835ac700a053d2c1b0a96
• Instruction ID: 54041c3eef6e7573a72bceec3216abbb8918ca9f38e0eb889a1ce9b059fda8c2
• Opcode Fuzzy Hash: 079cd0494f7074f991952ef6df0151e1f7d4511d5bd835ac700a053d2c1b0a96
• Instruction Fuzzy Hash: E021AC72710218BBEF218F64CC81FEB377EEF89754F108124F9009B190C6719C9287A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008F4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 008F4A5C
• SetErrorMode.KERNEL32(00000000,?,?,0091CC08), ref: 008F4AD0
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 45b3d84b91efc86a2ad37ae259233359945b9d73a16b3f06048be62602b18a25
• Instruction ID: 4ce46871df4c0deb3afe86ea6dd6b2e68cc146c99f006b88ae486232a14cfdd3
• Opcode Fuzzy Hash: 45b3d84b91efc86a2ad37ae259233359945b9d73a16b3f06048be62602b18a25
• Instruction Fuzzy Hash: A7317175A40109AFDB10DF68C885EAA7BF8FF09308F1480A9F909DB252D771ED45CB62
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0091424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00914264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00914271
Strings
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 42ea53af47dfa4758ca2f335f185dc7f697e863bf6edcd8d76cb9509986d4aef
• Instruction ID: 3497c9b96093cf58a7e0e76c3de07d008dd0ba0e170a340492d9c9213d0ed3f5
• Opcode Fuzzy Hash: 42ea53af47dfa4758ca2f335f185dc7f697e863bf6edcd8d76cb9509986d4aef
• Instruction Fuzzy Hash: AA11E031340208BEEF205E69CC06FEB3BACEF99B64F110524FA55E20A0D271DCA19B20
APIs
  • Part of subcall function 00886B57: _wcslen.LIBCMT ref: 00886B6A
  • Part of subcall function 008E2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008E2DC5
  • Part of subcall function 008E2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 008E2DD6
  • Part of subcall function 008E2DA7: GetCurrentThreadId.KERNEL32 ref: 008E2DDD
  • Part of subcall function 008E2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008E2DE4
• GetFocus.USER32 ref: 008E2F78
  • Part of subcall function 008E2DEE: GetParent.USER32(00000000), ref: 008E2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 008E2FC3
• EnumChildWindows.USER32(?,008E303B), ref: 008E2FEB
Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                  • String ID: %s%d
                                                                                                                                                                                                                                                  • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                  • Opcode ID: ecfcd3bd9d287b4fdff2d6a8b422bfa4a5ab0d27f900efd0af010370e3480990
                                                                                                                                                                                                                                                  • Instruction ID: 42512cadde227bf299fcdd307a596deed0a8ea8aa0735b79745aebef581cac3f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ecfcd3bd9d287b4fdff2d6a8b422bfa4a5ab0d27f900efd0af010370e3480990
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8111D2B17002496BCF047F698C89EEE376AFF85318F048075BA09EB252EE309D45CB61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009158C1
                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009158EE
                                                                                                                                                                                                                                                  • DrawMenuBar.USER32(?), ref: 009158FD
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                  • Opcode ID: 35a7797234d35ea42aefcf8ceb9f6f8d176bb1f80b7bd4eb57b1f8f736e09079
                                                                                                                                                                                                                                                  • Instruction ID: 752353551753424816ec0870401e0967acd0f588ebe7d188091e53d1094f26da
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35a7797234d35ea42aefcf8ceb9f6f8d176bb1f80b7bd4eb57b1f8f736e09079
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD018B31604218EFDB219F11DC44BEEBBB9FB85360F158099F849DA161DB308A80EF22
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 008DD3BF
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 008DD3E5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                  • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                  • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                  • Opcode ID: f134a448645b6c5ad0b9077e295dc32c0e3ee611629af4618825ff8d29164343
                                                                                                                                                                                                                                                  • Instruction ID: 6cb9b6e70bf09246b2052eb944dbb8cf5ac5cac172346774cef45d13dd25bf85
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f134a448645b6c5ad0b9077e295dc32c0e3ee611629af4618825ff8d29164343
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29F055B1AC9B29ABD73962108C14EAE7320FF00705B58831BE802E6345E720CC858282
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f7e489ef25ec77998d6baa9b1f44921eca80a5f7ccc83227dfb1c153d7121c26
                                                                                                                                                                                                                                                  • Instruction ID: 909d21c6ed604434a3eb4070ad4b6a178cb793947cd063a535c99166f679d736
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7e489ef25ec77998d6baa9b1f44921eca80a5f7ccc83227dfb1c153d7121c26
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76C16B75A0024AEFCB15CFA9C894AAEB7B5FF49304F208998E505EB251D771ED81CF90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                                                                                                                                  • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                  • Instruction ID: 68dab752abb6f3f92f29355bb6d4b19ed5f82c6dda17744e272832c633c9bdb4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40A12371E006869FEB219E18C892BEABBE4FF62350F18416DE585DB383C6348982C751
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1998397398-0
                                                                                                                                                                                                                                                  • Opcode ID: c9d152a493746c0f15619b21c04e39e44987e8766d27083cb92dc736a5a4b28a
                                                                                                                                                                                                                                                  • Instruction ID: d0de28f001d3a1b1f1315eca64ff258782ff5a52f7bb37de2d858888b045c02a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9d152a493746c0f15619b21c04e39e44987e8766d27083cb92dc736a5a4b28a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78A12D756047009FCB10EF28C585A2AB7E9FF89714F148859F99ADB3A2DB31ED01CB52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0091FC08,?), ref: 008E05F0
                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0091FC08,?), ref: 008E0608
                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?,00000000,0091CC40,000000FF,?,00000000,00000800,00000000,?,0091FC08,?), ref: 008E062D
                                                                                                                                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 008E064E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 314563124-0
                                                                                                                                                                                                                                                  • Opcode ID: f21b7aa26118e129b293949ec0df95996231c5f0fb1f6c73e483b3cc8c5e805c
                                                                                                                                                                                                                                                  • Instruction ID: b142c0a43cd926422dd677fb69ef2233395d8147e232d3fcf6e108e39e7939e2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f21b7aa26118e129b293949ec0df95996231c5f0fb1f6c73e483b3cc8c5e805c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A81E775A00209AFCB04DF94C984EEEB7B9FF89315B204598E516EB250DB71AE46CF60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 0090A6AC
                                                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 0090A6BA
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 0090A79C
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0090A7AB
                                                                                                                                                                                                                                                    • Part of subcall function 0089CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008C3303,?), ref: 0089CE8A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1991900642-0
                                                                                                                                                                                                                                                  • Opcode ID: 37418c436fa3e665782d150c78394de725b13babc453641503bab9776f3ba6e2
                                                                                                                                                                                                                                                  • Instruction ID: 35fc65af19946de1e1c5003d599c30733794390bcc1af6bdecc32f1461264927
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37418c436fa3e665782d150c78394de725b13babc453641503bab9776f3ba6e2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF514C71508311AFD714EF28D886A6BBBE8FF89754F04892DF585D7291EB30E904CB92
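The API listings in these function entries are the raw material for triage, but reading them one ref at a time is slow. The following Python script is an added example, not part of the Joe Sandbox report and not the sample's own code: it parses lines in the report's `Function.MODULE(args), ref: address` format, including the indented `Part of subcall function` lines, groups them per entry, tags API chains a practitioner cares about (the CreateToolhelp32Snapshot / Process32FirstW / Process32NextW walk with CompareStringW in its subcall from the entry above, the ProgIDFromCLSID / CLSIDFromProgID round-trip from the earlier entry, and the wsock32 socket setup from a later entry in this listing), and names the Winsock constants in that socket entry: socket(2, 2, 0x11) is AF_INET / SOCK_DGRAM / IPPROTO_UDP, and wsock32 export ordinal #21 is setsockopt, called here with level 0xFFFF (SOL_SOCKET) and option 0x20 (SO_BROADCAST). The sample input is copied from those entries; the chain labels and the ordinal and constant tables are the script's own assumptions, limited to documented Winsock values.

```python
import re

# Constructed sample: API lines copied from three function entries in this
# report (COM ProgID round-trip, Toolhelp32 process walk, wsock32 UDP socket).
SAMPLE = """\
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0091FC08,?), ref: 008E05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0091FC08,?), ref: 008E0608
• CLSIDFromProgID.OLE32(?,?,00000000,0091CC40,000000FF,?,00000000,00000800,00000000,?,0091FC08,?), ref: 008E062D
• _memcmp.LIBVCRUNTIME ref: 008E064E
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0090A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0090A6BA
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0090A79C
• CloseHandle.KERNEL32(00000000), ref: 0090A7AB
  • Part of subcall function 0089CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008C3303,?), ref: 0089CE8A
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00901AFD
• WSAGetLastError.WSOCK32 ref: 00901B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00901B8A
• WSAGetLastError.WSOCK32 ref: 00901B94
"""

# One report line: optional "Part of subcall function X:" prefix, then
# Function.MODULE, optional (args), then "ref: address".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[^.\s(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumed lookup tables: a subset of the documented wsock32/ws2_32 export
# ordinals and of the Winsock constants used by socket() and setsockopt().
WSOCK32_ORDINALS = {2: "bind", 4: "connect", 13: "listen", 17: "recvfrom",
                    20: "sendto", 21: "setsockopt", 23: "socket"}
AF = {2: "AF_INET"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
PROTO = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL = {0xFFFF: "SOL_SOCKET"}
SO_OPT = {0x4: "SO_REUSEADDR", 0x8: "SO_KEEPALIVE", 0x20: "SO_BROADCAST"}

# API chains worth a tag; the labels are this script's own, not Joe Sandbox's.
CHAINS = [
    ("Toolhelp32 process walk",
     {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}),
    ("process name comparison inside the walk",
     {"CreateToolhelp32Snapshot", "Process32NextW", "CompareStringW"}),
    ("COM ProgID/CLSID round-trip", {"ProgIDFromCLSID", "CLSIDFromProgID"}),
]


def _hex(arg):
    """Hex argument as int; '?' (not recoverable statically) becomes None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def parse_entries(text):
    """Split the listing at each 'APIs' header and parse the bullet lines."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            entries.append(current)
            continue
        m = LINE_RE.match(line)
        if m is None or current is None:
            continue  # metadata lines (Memory Dump Source, hashes) are skipped
        args = m["args"]
        current.append({"func": m["func"], "module": m["module"],
                        "args": args.split(",") if args else [],
                        "ref": m["ref"], "subcall": m["sub"]})
    return entries


def decode_winsock(call):
    """Resolve wsock32 ordinals and name the constants in socket/setsockopt."""
    if call["module"].upper() not in ("WSOCK32", "WS2_32"):
        return None
    name = call["func"]
    if name.startswith("#") and name[1:].isdigit():
        name = WSOCK32_ORDINALS.get(int(name[1:]), name)
    a = [_hex(x) for x in call["args"]]
    if name == "socket" and len(a) == 3:
        return "socket(%s, %s, %s)" % (AF.get(a[0], a[0]),
                                       SOCK_TYPE.get(a[1], a[1]),
                                       PROTO.get(a[2], a[2]))
    if name == "setsockopt" and len(a) >= 3:
        return "setsockopt(level=%s, opt=%s)" % (SOL.get(a[1], a[1]),
                                                 SO_OPT.get(a[2], a[2]))
    return name


def tag_entry(calls):
    names = {c["func"] for c in calls}
    decoded = [d for d in (decode_winsock(c) for c in calls) if d]
    tags = [label for label, needed in CHAINS if needed <= names]
    if (any(d.startswith("socket(AF_INET, SOCK_DGRAM") for d in decoded)
            and any("SO_BROADCAST" in d for d in decoded)):
        tags.append("UDP socket with SO_BROADCAST enabled")
    return tags


def summarize(text):
    return [{"calls": calls, "tags": tag_entry(calls),
             "decoded": [d for d in (decode_winsock(c) for c in calls) if d]}
            for calls in parse_entries(text)]


if __name__ == "__main__":
    for i, entry in enumerate(summarize(SAMPLE), 1):
        print("entry %d: %s" % (i, ", ".join(c["func"] for c in entry["calls"])))
        for tag in entry["tags"]:
            print("  tag:", tag)
        for dec in entry["decoded"]:
            print("  decoded:", dec)
```

Run it as-is to print one block per entry with its tags and decoded Winsock calls; to use it on a whole report, paste the function entries into `SAMPLE` or read them from a file. A `?` argument is one the analysis could not resolve statically, and the script keeps it as unknown rather than guessing a value.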
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                  • Opcode ID: 4cf7ed98a3de7da4e458eab374baa6e19688c006998730cc7ab894dca4143261
                                                                                                                                                                                                                                                  • Instruction ID: a75d3a3b05225c6caf35589e2dd88bdf76c63300d9d978ef4cd1b3eedd10211b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cf7ed98a3de7da4e458eab374baa6e19688c006998730cc7ab894dca4143261
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F410931600504ABEF296AFC8CC9FAE3AB6FF43370F244629F519D6693E674C8415267
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 009162E2
                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00916315
                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00916382
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3880355969-0
                                                                                                                                                                                                                                                  • Opcode ID: b0838ff4b834b1286241aca43a4b62a574b381b199e9250811bb8bfb0246aa78
                                                                                                                                                                                                                                                  • Instruction ID: efddbb7d4c9e7d20ff880c6e55182d06ad593c37b5b626167a016f56628c490e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0838ff4b834b1286241aca43a4b62a574b381b199e9250811bb8bfb0246aa78
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98510974A00209AFDF14DF68D980AEE7BB9FB45360F108569F865DB2A0D770ED82DB50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011), ref: 00901AFD
                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00901B0B
                                                                                                                                                                                                                                                  • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00901B8A
                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00901B94
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 008F5783
• GetLastError.KERNEL32(?,00000000), ref: 008F57A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008F57CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008F57FA
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,008A6D71,00000000,00000000,008A82D9,?,008A82D9,?,00000001,008A6D71,8BE85006,00000001,008A82D9,008A82D9), ref: 008BD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008BD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008BD9AB
• __freea.LIBCMT ref: 008BD9B4
  • Part of subcall function 008B3820: RtlAllocateHeap.NTDLL(00000000,?,00951444,?,0089FDF5,?,?,0088A976,00000010,00951440,008813FC,?,008813C6,?,00881129), ref: 008B3852
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00915352
• GetWindowLongW.USER32(?,000000F0), ref: 00915375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00915382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009153A8
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 008EABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 008EAC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 008EAC74
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 008EACC6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                                                                                                  • Opcode ID: c1b514581bab8804ef9d322355fc16b66a851d758342543d4cb4539361e9ab73
                                                                                                                                                                                                                                                  • Instruction ID: 2a566acb9456c1cafcfef1815e012b3cabc2c4f7f583201a520e0c33960b1b2e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1b514581bab8804ef9d322355fc16b66a851d758342543d4cb4539361e9ab73
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26312870A44398AFEF38CB66CC047FA7BA5FB86B10F28421AE495D21D0C374A9859753
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 0091769A
                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00917710
                                                                                                                                                                                                                                                  • PtInRect.USER32(?,?,00918B89), ref: 00917720
                                                                                                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 0091778C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                                                                                                                                  • Opcode ID: 946d9230d940d9ed090db4bd53f92355c12719e0792f069827223cfb4361f8e9
                                                                                                                                                                                                                                                  • Instruction ID: 930346727724c1a189a31811851dfafbc54a2258117ce7d78985303f3d91cf79
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 946d9230d940d9ed090db4bd53f92355c12719e0792f069827223cfb4361f8e9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2417A74B0921A9FCB01CF99D894FE9F7F9BB49315F1581A8E8149B2A1C730A981DB90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 009116EB
                                                                                                                                                                                                                                                    • Part of subcall function 008E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008E3A57
                                                                                                                                                                                                                                                    • Part of subcall function 008E3A3D: GetCurrentThreadId.KERNEL32 ref: 008E3A5E
                                                                                                                                                                                                                                                    • Part of subcall function 008E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008E25B3), ref: 008E3A65
                                                                                                                                                                                                                                                  • GetCaretPos.USER32(?), ref: 009116FF
                                                                                                                                                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 0091174C
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00911752
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2759813231-0
                                                                                                                                                                                                                                                  • Opcode ID: 569419fab99a9f687943ff4d23032273ef884fadde595f4bce2a019f5bef0fa8
                                                                                                                                                                                                                                                  • Instruction ID: 10154b6ed062e1a1e4eec4dcf735ae68eb976d0f05e6f718a33fdd826ee106ec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 569419fab99a9f687943ff4d23032273ef884fadde595f4bce2a019f5bef0fa8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68313E71E00149AFDB00EFA9C885CEEBBFDFF48304B5080A9E515E7251EA319E45CBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00887620: _wcslen.LIBCMT ref: 00887625
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008EDFCB
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008EDFE2
                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 008EE00D
                                                                                                                                                                                                                                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 008EE018
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3763101759-0
                                                                                                                                                                                                                                                  • Opcode ID: 42d3754e1651dd45c9c9e772d82564b94c4ab70ebeffcac369f689923cf30450
                                                                                                                                                                                                                                                  • Instruction ID: 080ac4c957e3b1b2deed5f878ad8c2a641acb9c0d5de4261b319b7bdd2c62c18
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42d3754e1651dd45c9c9e772d82564b94c4ab70ebeffcac369f689923cf30450
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E21A371900614AFDF10EFA8D981BAEB7F8FF86750F144065E905FB245D6709E40CBA2
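The function records above are a flat dump, and the report's Signatures section ("simulate keystroke presses", "retrieve information about pressed keystrokes") is derived from combinations of the APIs listed in them. The following Python triage helper is an added example by the editor, not code from Joe Sandbox or from the analysed sample: it parses the "APIs" and "Similarity" blocks in the layout used on this page, records direct calls and "Part of subcall function" calls with their refs, and flags records whose API set matches a heuristic rule. SAMPLE is copied from three records on this page; the two rules (their names and API sets) are the editor's own assumptions, not Joe Sandbox signature logic.

```python
"""Parse Joe Sandbox function records and flag suspicious API combinations.

Added example, not Joe Sandbox or sample code. SAMPLE is copied from records
on this page; RULES are the editor's heuristics (assumption), not Joe Sandbox
signatures.
"""
import re

# One API line as printed in the report, e.g.
#   • SendInput.USER32(00000001,?,0000001C,...), ref: 008EACC6
#   • GetForegroundWindow.USER32 ref: 009116EB
#   • Part of subcall function 008E3A3D: AttachThreadInput.USER32(...), ref: 008E3A65
API_RE = re.compile(
    r"^[•*-]?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)
API_STRING_ID_RE = re.compile(r"^[•*-]?\s*API String ID:\s*(?P<id>\S+)$")

# Heuristic rules (assumption): a record is flagged when it calls every API in
# the set, directly or via a listed subcall.
RULES = {
    # SetKeyboardState followed by SendInput is the pattern behind
    # "simulate keystroke presses".
    "keystroke injection": {"SendInput", "SetKeyboardState"},
    # AttachThreadInput to the foreground window's thread shares its input
    # queue: needed to read the caret, and also the classic input-hijack setup.
    "foreground input-thread attach": {"GetForegroundWindow", "AttachThreadInput"},
}

# Constructed from records on this page (indentation as in the report).
SAMPLE = """\
APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 008EABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 008EAC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 008EAC74
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 008EACC6
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• GetForegroundWindow.USER32 ref: 009116EB
  • Part of subcall function 008E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008E3A57
  • Part of subcall function 008E3A3D: GetCurrentThreadId.KERNEL32 ref: 008E3A5E
  • Part of subcall function 008E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008E25B3), ref: 008E3A65
• GetCaretPos.USER32(?), ref: 009116FF
• ClientToScreen.USER32(00000000,?), ref: 0091174C
• GetForegroundWindow.USER32 ref: 00911752
Similarity
• API String ID: 2759813231-0
APIs
• ClientToScreen.USER32(?,?), ref: 0091769A
• GetWindowRect.USER32(?,?), ref: 00917710
• PtInRect.USER32(?,?,00918B89), ref: 00917720
• MessageBeep.USER32(00000000), ref: 0091778C
Similarity
• API String ID: 1352109105-0
"""


def parse_records(text):
    """Split report text into records; each record starts at an 'APIs' line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = {"apis": [], "api_string_id": None}
            records.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            current["apis"].append({
                "name": m.group("name"),
                "module": m.group("module"),
                "args": [a for a in (m.group("args") or "").split(",") if a],
                "ref": m.group("ref").upper(),
                "subcall": m.group("sub"),  # None for direct calls
            })
            continue
        m = API_STRING_ID_RE.match(line)
        if m:
            current["api_string_id"] = m.group("id")
    return records


def flag_records(records, rules=RULES):
    """Map each record's API String ID (or index) to the sorted rule names it hits."""
    flagged = {}
    for i, rec in enumerate(records):
        names = {call["name"] for call in rec["apis"]}
        hits = sorted(rule for rule, needed in rules.items() if needed <= names)
        if hits:
            flagged[rec["api_string_id"] or f"record{i}"] = hits
    return flagged


if __name__ == "__main__":
    for key, hits in flag_records(parse_records(SAMPLE)).items():
        print(f"{key}: {', '.join(hits)}")
```

To run it over the whole report, paste the page text in place of SAMPLE; the heavy indentation and sub-bullets are stripped before matching. Extend RULES with other API sets from the Signatures section (for instance the IsDebuggerPresent and timing checks) to pull the corresponding records out of the dump without scrolling through them.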
APIs
  • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
• GetCursorPos.USER32(?), ref: 00919001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,008D7711,?,?,?,?,?), ref: 00919016
• GetCursorPos.USER32(?), ref: 0091905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,008D7711,?,?,?), ref: 00919094
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: 33b2e9ed1d395e9b19ef2985605db1244b5f62eed15f828ffac6aa55bbba4905
• Instruction ID: 1ffc8d716bb34fc51218f9e83dfac630a9e595242a05d6609db5edf234f0e223
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33b2e9ed1d395e9b19ef2985605db1244b5f62eed15f828ffac6aa55bbba4905
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83219F35711118EFCB25CF99CC68EEA7BB9EB49361F044069F90587261C3359D90EB60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,0091CB68), ref: 008ED2FB
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008ED30A
                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 008ED319
                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0091CB68), ref: 008ED376
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2267087916-0
                                                                                                                                                                                                                                                  • Opcode ID: 0df307a847aea69c0f446c629e90db74ab8296ef73481cc963818d7514c48c09
                                                                                                                                                                                                                                                  • Instruction ID: c893fe436b23aa079b46667c3b51c99a3bebd3818672ea8c2cd496633502e29c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0df307a847aea69c0f446c629e90db74ab8296ef73481cc963818d7514c48c09
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 952180746483419F8310EF29C8814AAB7E4FE56324F504A1DF499D73E1E730D94ACB93
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008E102A
                                                                                                                                                                                                                                                    • Part of subcall function 008E1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008E1036
                                                                                                                                                                                                                                                    • Part of subcall function 008E1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008E1045
                                                                                                                                                                                                                                                    • Part of subcall function 008E1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008E104C
                                                                                                                                                                                                                                                    • Part of subcall function 008E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008E1062
                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008E15BE
                                                                                                                                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 008E15E1
                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E1617
                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 008E161E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1592001646-0
                                                                                                                                                                                                                                                  • Opcode ID: 7a95649e6852162e9e9b2d6058921dd669db45c4f932d5f24029a669e0024611
                                                                                                                                                                                                                                                  • Instruction ID: b9aa53000584d452a6d57383bb9243b8645ebc9627c074f538161882cdbb6e62
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a95649e6852162e9e9b2d6058921dd669db45c4f932d5f24029a669e0024611
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0215571E40208AFDF00DFA6C949BEEB7B8FF56354F088459E445EB251E730AA05DBA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 0091280A
                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00912824
                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00912832
                                                                                                                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00912840
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2169480361-0
                                                                                                                                                                                                                                                  • Opcode ID: 48cad5293204ec990d5518bda408b35bb3faa78dc738e0240030425a533d601e
                                                                                                                                                                                                                                                  • Instruction ID: 3d8af9183c1bb04eef7987e9b0503b39c80ab26f1b5bb04b5c175dcc23db121a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48cad5293204ec990d5518bda408b35bb3faa78dc738e0240030425a533d601e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C821A131308519AFD714AB24C845FEA7B99EF86324F148158F426CB6E2CB75FC92CB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 008E8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,008E790A,?,000000FF,?,008E8754,00000000,?,0000001C,?,?), ref: 008E8D8C
                                                                                                                                                                                                                                                    • Part of subcall function 008E8D7D: lstrcpyW.KERNEL32(00000000,?,?,008E790A,?,000000FF,?,008E8754,00000000,?,0000001C,?,?,00000000), ref: 008E8DB2
                                                                                                                                                                                                                                                    • Part of subcall function 008E8D7D: lstrcmpiW.KERNEL32(00000000,?,008E790A,?,000000FF,?,008E8754,00000000,?,0000001C,?,?), ref: 008E8DE3
                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,008E8754,00000000,?,0000001C,?,?,00000000), ref: 008E7923
                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,008E8754,00000000,?,0000001C,?,?,00000000), ref: 008E7949
                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,008E8754,00000000,?,0000001C,?,?,00000000), ref: 008E7984
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 00cf106d1b89f4d76b5950f9b7208359d8eeb40dc2000836746f2e137c709a83
• Instruction ID: 8f39b2f715b8fddfad99b29a0851448d99e019ed07b5bfe254de3254b5c1f281
• Opcode Fuzzy Hash: 00cf106d1b89f4d76b5950f9b7208359d8eeb40dc2000836746f2e137c709a83
• Instruction Fuzzy Hash: 1811293A304381AFCB156F3ACC44E7A77A5FF86350B10802AF906CB265EB35D801D751

APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00917D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00917D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00917D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,008FB7AD,00000000), ref: 00917D6B
  • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: 91c9e6096b34af5c2a69209ce74ea5cd986a6f7d91ed026f2d955bbad136026e
• Instruction ID: 007a09edfd3778ecf72f0d59d2c49b452009a18482aff39cf82e905592225be5
• Opcode Fuzzy Hash: 91c9e6096b34af5c2a69209ce74ea5cd986a6f7d91ed026f2d955bbad136026e
• Instruction Fuzzy Hash: 9311C07531861AAFCB109F68EC04AE67BA9AF45364F158724F835C72F0D7308990DB90

APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 009156BB
• _wcslen.LIBCMT ref: 009156CD
• _wcslen.LIBCMT ref: 009156D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00915816
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 42b3ee252756f22ca59bf9e7699badea4cbb528f49b051e185c2f2df1c4601ca
• Instruction ID: 01ae2534a09b5ffa3d11324c8b40c3937207042aeaf6f4f787e73eb40f11859b
• Opcode Fuzzy Hash: 42b3ee252756f22ca59bf9e7699badea4cbb528f49b051e185c2f2df1c4601ca
• Instruction Fuzzy Hash: 0011E17170060CDADF209F66CC81AEE77ACEF913A4F524426F915D6091E7748AC0CBA1

Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dd99c9ee4a2b85d23b61ba2ab79835549747ad6acae23aa149ae6cce89df91ff
• Instruction ID: 8df9655e24194d40591aea2fddb831e0052e20c45a12425f76f6927ae33a49a0
• Opcode Fuzzy Hash: dd99c9ee4a2b85d23b61ba2ab79835549747ad6acae23aa149ae6cce89df91ff
• Instruction Fuzzy Hash: 9401ADB220961A7EFA2126786CD5FE76A1CFF817B8F780325F521E93D2DB608C009160

APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 008E1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 008E1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 008E1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 008E1A8A
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 4811b50233b8ea08c3d36cd5d8f5b2c0944b351eb99f1632f85b321c84323a29
• Instruction ID: 55626c98e512d1fc36bcbca77656d17ff3acff50aaaa0a402a94f19c7fd3d643
• Opcode Fuzzy Hash: 4811b50233b8ea08c3d36cd5d8f5b2c0944b351eb99f1632f85b321c84323a29
• Instruction Fuzzy Hash: 83112A3A901229FFEF109BA5C985FADBB78FB04750F2000A1EA00B7290D7716E50DB94

APIs
• GetCurrentThreadId.KERNEL32 ref: 008EE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 008EE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 008EE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 008EE24D
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 45b4d4511db5a025af952782f13bd924a23fce761acf204c32463c88474b05c3
• Instruction ID: 16fbe46ac6deffde204d78cc83821903585b423eaea991f0844385267e37e708
• Opcode Fuzzy Hash: 45b4d4511db5a025af952782f13bd924a23fce761acf204c32463c88474b05c3
• Instruction Fuzzy Hash: 17112BB6E18358BBC7019FA99C05BDE7FACEB46311F008215F924E3290D2B0CD04D7A0

APIs
• CreateThread.KERNEL32(00000000,?,008ACFF9,00000000,00000004,00000000), ref: 008AD218
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008AD224
                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 008AD22B
                                                                                                                                                                                                                                                  • ResumeThread.KERNEL32(00000000), ref: 008AD249
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 173952441-0
                                                                                                                                                                                                                                                  • Opcode ID: fc8941fd871ee98d3f3e9e8cb0f6e56ccc6012a2c1cd7e39e3a787ca1b60b7f4
                                                                                                                                                                                                                                                  • Instruction ID: 9cfe09f81ffd9c3e32d5e909a491bf1efe2b34243035b0eddab892e0649bb769
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc8941fd871ee98d3f3e9e8cb0f6e56ccc6012a2c1cd7e39e3a787ca1b60b7f4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B012676504308BBE7106BA9DC09BAE7A68FF83330F104229F926D29D0DFB0D801C6A1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00899BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00899BB2
                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00919F31
                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00919F3B
                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00919F46
                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00919F7A
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: f9fa5a3dc8a4682e346c44dd54a0db631b75426d509da87695640173d89ddf77
• Instruction ID: d1a9205354bb1a57bb096fab1fff1710e76f915989ae488e1b44abd70e7d71ed
• Opcode Fuzzy Hash: f9fa5a3dc8a4682e346c44dd54a0db631b75426d509da87695640173d89ddf77
• Instruction Fuzzy Hash: 8B113672A0421ABBDB10DFA8D855AEE77B9FB45311F404455F911E3240D330BEC2DBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0088604C
• GetStockObject.GDI32(00000011), ref: 00886060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0088606A
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: d926bf662e995624b8a8d0dcfbf3c08c21d295e07289df8396571ccbae460ee4
• Instruction ID: e689921893cac10b195ad7cec285553e1c2141a4802d480b04376e52063cbe46
• Opcode Fuzzy Hash: d926bf662e995624b8a8d0dcfbf3c08c21d295e07289df8396571ccbae460ee4
• Instruction Fuzzy Hash: C211C4B2205908BFEF125F94DC54FEA7B69FF183A4F004105FA04A2120D732DC60EB91
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 008A3B56
  • Part of subcall function 008A3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 008A3AD2
  • Part of subcall function 008A3AA3: ___AdjustPointer.LIBCMT ref: 008A3AED
• _UnwindNestedFrames.LIBCMT ref: 008A3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 008A3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 008A3BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: cbd31d306e44f46b4bb01f8b2e77d4f798fb6ccaba96133078a071035dbf21be
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: 2B014C32100148BBEF125E99DC42EEB7F6EFF8A764F044014FE48A6521C772E961DBA1
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008813C6,00000000,00000000,?,008B301A,008813C6,00000000,00000000,00000000,?,008B328B,00000006,FlsSetValue), ref: 008B30A5
• GetLastError.KERNEL32(?,008B301A,008813C6,00000000,00000000,00000000,?,008B328B,00000006,FlsSetValue,00922290,FlsSetValue,00000000,00000364,?,008B2E46), ref: 008B30B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008B301A,008813C6,00000000,00000000,00000000,?,008B328B,00000006,FlsSetValue,00922290,FlsSetValue,00000000), ref: 008B30BF
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                                                                  • Opcode ID: 48cd93a4e865bec8153790bb6f6a26dd1e71e92cdf7a5b1e05e7fe8f5cc04f4d
                                                                                                                                                                                                                                                  • Instruction ID: d1239b2918e4cbbac7e217198895567082d08f780c299b47c254500ef7f4365c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48cd93a4e865bec8153790bb6f6a26dd1e71e92cdf7a5b1e05e7fe8f5cc04f4d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A01D476759A26ABCB315A79AC449D77B98FF45B61B204620F916E3240CB21D902C6E0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 008E747F
                                                                                                                                                                                                                                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 008E7497
                                                                                                                                                                                                                                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008E74AC
                                                                                                                                                                                                                                                  • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008E74CA
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 8ac0c077d15ede32f758c9049d10faa022a485f255b268a7cec988c53b3a059f
• Instruction ID: 202aa587b4c20e2ede52d8ff00e0b5ce4c1d011a29251809d7f007be8a755620
• Opcode Fuzzy Hash: 8ac0c077d15ede32f758c9049d10faa022a485f255b268a7cec988c53b3a059f
• Instruction Fuzzy Hash: 34118BB5349359ABE7208F15EC08B927BFCFB01B08F108569AA16DA1D1D7B0E944DB64
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008EACD3,?,00008000), ref: 008EB0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008EACD3,?,00008000), ref: 008EB0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008EACD3,?,00008000), ref: 008EB0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008EACD3,?,00008000), ref: 008EB126
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 2ac21fd5ae344c5fdc3d101ad3f253a98fc9d75369fcf2204be0aa1bb5427ee4
• Instruction ID: 997ffddad1a763cb1ad929724018e4092ba1dd1c34f7e8734a90f4c77071fddf
• Opcode Fuzzy Hash: 2ac21fd5ae344c5fdc3d101ad3f253a98fc9d75369fcf2204be0aa1bb5427ee4
• Instruction Fuzzy Hash: CF113C71D4565DEBCF00AFE5E9986EFBB78FF0A721F104085D941B2141DB305550EB51
APIs
• GetWindowRect.USER32(?,?), ref: 00917E33
• ScreenToClient.USER32(?,?), ref: 00917E4B
• ScreenToClient.USER32(?,?), ref: 00917E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00917E8A
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 38cdd0c5e2abd54d32a69998a1eb62db92877706a9980e574f688624d53c9fe0
• Instruction ID: 8c5b9bdc3b6cf1c7e6a51915e94fb2f4715dfb6aac3b63a1e6959f2afa2d59f5
• Opcode Fuzzy Hash: 38cdd0c5e2abd54d32a69998a1eb62db92877706a9980e574f688624d53c9fe0
• Instruction Fuzzy Hash: 171156B9E0420AAFDB41CF98C8849EEBBF9FF08310F509056E915E3210D775AA54DF50
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008E2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008E2DD6
• GetCurrentThreadId.KERNEL32 ref: 008E2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008E2DE4
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: ebac3ab11af8f663194d7d885039408a0384becfd9f53f368fbd6afbddc0d731
• Instruction ID: 6f93b8a646daf39b2559caf7dfc3542c751f58e9bc85b43e9a684abaea3bdd08
• Opcode Fuzzy Hash: ebac3ab11af8f663194d7d885039408a0384becfd9f53f368fbd6afbddc0d731
• Instruction Fuzzy Hash: 28E06DB17992287AD7201B639C0DEEB3E6CFB43BA1F404215B205D1080DAA08840D6B0
APIs
  • Part of subcall function 00899639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00899693
  • Part of subcall function 00899639: SelectObject.GDI32(?,00000000), ref: 008996A2
  • Part of subcall function 00899639: BeginPath.GDI32(?), ref: 008996B9
  • Part of subcall function 00899639: SelectObject.GDI32(?,00000000), ref: 008996E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00918887
• LineTo.GDI32(?,?,?), ref: 00918894
• EndPath.GDI32(?), ref: 009188A4
• StrokePath.GDI32(?), ref: 009188B2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                                                                                                                                  • Opcode ID: 5e4d0faef48b1b74809e19ddca5156b6eeafee34f922f443d9054589cd49a976
                                                                                                                                                                                                                                                  • Instruction ID: 141f8a60f750cbd382cf04169ab2a72871984df842ea86a0301719b73d36d1ad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e4d0faef48b1b74809e19ddca5156b6eeafee34f922f443d9054589cd49a976
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5F05E36299258FADF126F94AC0AFCE3F59AF0A311F048040FA11650E1C7755551EFE9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000008), ref: 008998CC
                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 008998D6
                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 008998E9
                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 008998F1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4037423528-0
                                                                                                                                                                                                                                                  • Opcode ID: 9c08eb4720aae3c1676de20aa383c64b8a7c3d1676083ff6a94bac95afb9519d
                                                                                                                                                                                                                                                  • Instruction ID: 217bf6244ecd7abfb4b172e6c479a942d77dac9fa432db72c5ae3f8d6b558f6a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c08eb4720aae3c1676de20aa383c64b8a7c3d1676083ff6a94bac95afb9519d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1E03971398280AADB215B78AC09BE83F21EB12336F14C21AF6FA980E1C7714640EB11
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 008E1634
                                                                                                                                                                                                                                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,008E11D9), ref: 008E163B
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008E11D9), ref: 008E1648
                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,008E11D9), ref: 008E164F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3974789173-0
                                                                                                                                                                                                                                                  • Opcode ID: 39b2b260552890a0cf351f2f53790a5dc30c281b7b38b186168d4f9589befcbc
                                                                                                                                                                                                                                                  • Instruction ID: b40df5f69bf02d5d89ae1d577b5d7e370fe622c4611050a747db7fc1145345a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39b2b260552890a0cf351f2f53790a5dc30c281b7b38b186168d4f9589befcbc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDE08CB2796221EBDB201FA1AE0DBC63B7CFF59792F14CC08F245DA090E6348541DB60
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 008DD858
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 008DD862
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 008DD882
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?), ref: 008DD8A3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                                                                                                  • Opcode ID: 636941c8e8bf024d4740e5fe04c5f8f10fac5538dc9a3e1f337c1ae34d99549b
                                                                                                                                                                                                                                                  • Instruction ID: d79da5f5b72a7a31798628f6482209af1ba55f1b975e74dc15b0ee80cd737485
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 636941c8e8bf024d4740e5fe04c5f8f10fac5538dc9a3e1f337c1ae34d99549b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8E01AB4A54209EFCF41AFA0D90C6ADBBB1FB08350F14D419E80AE7250CB385901FF50
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 008DD86C
                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 008DD876
                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 008DD882
                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?), ref: 008DD8A3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: b1cd014b932f0bb1017aeb8ffce9e7e57ef199bedbdb4b558ead68bb914a3ee0
• Instruction ID: 92c47614feaadd4f28ad3e7c0e5db1c14b1aeff1449fd72a969ccb66713a8629
• Opcode Fuzzy Hash: b1cd014b932f0bb1017aeb8ffce9e7e57ef199bedbdb4b558ead68bb914a3ee0
• Instruction Fuzzy Hash: D9E012B4E58209EFCF40AFA0D80C6ADBBB1FB08350B149008E90AE7250CB385A01EF50
APIs
  • Part of subcall function 00887620: _wcslen.LIBCMT ref: 00887625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 008F4ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: e4e6249224fd4bde16aa63cd95c1899731c2e8bbecd23ac81fc06452dd521f59
• Instruction ID: 16782eab6013530a53e7013d0b613b51c8a51ece05393b0f7aa9838de994f4d1
• Opcode Fuzzy Hash: e4e6249224fd4bde16aa63cd95c1899731c2e8bbecd23ac81fc06452dd521f59
• Instruction Fuzzy Hash: 09913D75A002089FCB14DF68C484EAABBF1FF45318F189099E54ADB362DB31ED85CB91
APIs
• __startOneArgErrorHandling.LIBCMT ref: 008AE30D
Strings
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: 93df5703e5282d8914edb16d00e61be9127704b7a154a2bdda008838fbbe9309
• Instruction ID: 683e303d02fe61074f8336874baa3e4e6c8cf4e25666e10737478d289acc5c69
• Opcode Fuzzy Hash: 93df5703e5282d8914edb16d00e61be9127704b7a154a2bdda008838fbbe9309
• Instruction Fuzzy Hash: D1515B61A1C70696EB257718C9013F93BA4FF81B80F344DA8E096C27ADEB348C959A46
Strings
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: d2fbe34389b350fafdc4b88924cbf629790b775be196d17f3e583b16aaf1fb5b
• Instruction ID: 4a9939e7fc3a79cb8b0b3846cec73a964f71782679485ecf3b84b62771c5d08b
• Opcode Fuzzy Hash: d2fbe34389b350fafdc4b88924cbf629790b775be196d17f3e583b16aaf1fb5b
• Instruction Fuzzy Hash: 7F51FF7590424ADFDF25FFA8C481ABA7BA8FF15310F284156F891DF290DA309D42CBA1
APIs
• Sleep.KERNEL32(00000000), ref: 0089F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0089F2BB
Strings
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 688c81f92f2a81f04939300ebafcb7bc46cdff31c7d7feefd07adfd4788cb0d7
• Instruction ID: d50aa858f7faef60eaef66e4d012281af54e627abd0c23015e3968af73d6cbf7
• Opcode Fuzzy Hash: 688c81f92f2a81f04939300ebafcb7bc46cdff31c7d7feefd07adfd4788cb0d7
• Instruction Fuzzy Hash: FC51397141C7449BE320AF14E886BABB7F8FF84304F91885DF299911A5EB708529CB67
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009057E0
• _wcslen.LIBCMT ref: 009057EC
Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                  • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                  • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                  • Opcode ID: 4cb21f1aaa846e17dd69f0d3c7d82d57a6c9a4cf214682ad028a0e85a87ae696
                                                                                                                                                                                                                                                  • Instruction ID: aad8f736a9b8ea95609a5785acd6d032fdea81a7fe842f6e3359c32b28ff76d9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cb21f1aaa846e17dd69f0d3c7d82d57a6c9a4cf214682ad028a0e85a87ae696
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB419F71A006099FCB14EFA9C8819BEBBF9FF59314F158069E905E72A1E7309D81CF91
APIs
• _wcslen.LIBCMT ref: 008FD130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 008FD13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: b11cf2aab0199340f0f8a577942739e750be8a800c1ae790d679be92f30dd94c
• Instruction ID: 59f5c339be94f8e4ce18100d05ee0c9578b324890aa2df0e427ee09960bcb0f2
• Opcode Fuzzy Hash: b11cf2aab0199340f0f8a577942739e750be8a800c1ae790d679be92f30dd94c
• Instruction Fuzzy Hash: 0F311A71D00219ABDF15EFA8CC85AEEBFBAFF05300F100019F915E6162E731AA56DB61
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00913621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0091365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: ec4bfb8c41d43a3dd7627c42041fc6198db5c77cad1bbfe7a693739f7331cb19
• Instruction ID: 7991707a95feb25cb0a1634d15c2d2a7601fbb216da6627133ab3907b8287089
• Opcode Fuzzy Hash: ec4bfb8c41d43a3dd7627c42041fc6198db5c77cad1bbfe7a693739f7331cb19
• Instruction Fuzzy Hash: 8E318E71210608AADB109F28DC41AFB73BDFF88764F108619F9A5D7280DA30AD91D760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0091461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00914634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: fc1906a7f2ed7fc1156310f625c1699d12aeabe23fdb2798bd885fe4454e521f
• Instruction ID: 1fb1b64fe0e85c180b20168d2eb532f4ea4349ccba331bc6429d70d2ed57a9c7
• Opcode Fuzzy Hash: fc1906a7f2ed7fc1156310f625c1699d12aeabe23fdb2798bd885fe4454e521f
• Instruction Fuzzy Hash: 28310774B0130E9FDB14CF69C990BDA7BBAFB49344F14406AE905AB351D770A941CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0091327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00913287
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 69d4a67fdf97f062d612eabcf60ad5d7823b15f2f7a5d37da5a881d450b0aff5
• Instruction ID: b758d0258baba9330142fdf2311b3f4814b59045720623a0933a98db28d7f748
• Opcode Fuzzy Hash: 69d4a67fdf97f062d612eabcf60ad5d7823b15f2f7a5d37da5a881d450b0aff5
• Instruction Fuzzy Hash: 3111B67130420C7FEF21AE54DC80EFB376EEB94364F108524F92497290D6319D919760
APIs
  • Part of subcall function 0088600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0088604C
  • Part of subcall function 0088600E: GetStockObject.GDI32(00000011), ref: 00886060
  • Part of subcall function 0088600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0088606A
• GetWindowRect.USER32(00000000,?), ref: 0091377A
• GetSysColor.USER32(00000012), ref: 00913794
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 8e40f1e9beeac6c260735ebbe9695dbda73b33f2b72db10db9359ff881723b76
• Instruction ID: f9fedc3a09c20bb701e76718b3074b82066af5e3c6690447b5c2a9f423d75624
• Opcode Fuzzy Hash: 8e40f1e9beeac6c260735ebbe9695dbda73b33f2b72db10db9359ff881723b76
• Instruction Fuzzy Hash: 1D113AB2650209AFDF01DFA8CC45EEA7BF8FB08354F004914F955E2250E735E851DB50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 008FCD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 008FCDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 58245625bfef9f011597e8c724fa83098c9e0b219ab66a666dd441d183fbe637
• Instruction ID: 91591af698a533151fdcd47e9516a38214cc2ffb2895b0ec32425d5cea90f161
• Opcode Fuzzy Hash: 58245625bfef9f011597e8c724fa83098c9e0b219ab66a666dd441d183fbe637
• Instruction Fuzzy Hash: CC11A3B125563DBAD7246A768C45EFBBEA8FF127A8F004226B209C2080D6709A41D6F0
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 009134AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009134BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 10f7d99ef7ba8fd96a5e5dcb5328f983c540c72e3a314611fde40a7c408d9223
• Instruction ID: 0b161a7c5d5213dc2a969b7f5a470fd44ceec544436e48bda2f928ba0fc9b14c
• Opcode Fuzzy Hash: 10f7d99ef7ba8fd96a5e5dcb5328f983c540c72e3a314611fde40a7c408d9223
• Instruction Fuzzy Hash: 03116D71210208AAEB228E64DC44AEB376EEB55378F508724FA65931E0C775DC91A750
APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
• CharUpperBuffW.USER32(?,?,?), ref: 008E6CB6
• _wcslen.LIBCMT ref: 008E6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 668e3cfc26736206c8be2a5b1a33eae6cbd442bde13dcbe186e975f4cb3c646f
• Instruction ID: 211817197b1def66b3126ee0fd63fc85f4bfe34a3ab61405e70b64138ae7c77a
• Opcode Fuzzy Hash: 668e3cfc26736206c8be2a5b1a33eae6cbd442bde13dcbe186e975f4cb3c646f
• Instruction Fuzzy Hash: 11010432B1456B8BCB20AFBECC809BF77A5FB727947500528E852D2191FA32D920C750
APIs
  • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
  • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 008E1D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: edc55589bbe9f8a1e56804d8b588cf6790f2855e4ecdd4da87dffc865d298e23
• Instruction ID: bbe9e8c88e7dbafa4fdd38464bc496deabb9d38a3b3be801619f88dde7bc3131
• Opcode Fuzzy Hash: edc55589bbe9f8a1e56804d8b588cf6790f2855e4ecdd4da87dffc865d298e23
• Instruction Fuzzy Hash: E701B171701219ABCF18FBA9CC59CFE73A8FB47354B140619F872E72C2EA3199088761
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                    • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 008E1C46
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                  • Opcode ID: 2ec9ababe621cab10462cee4ce080f6e35131d3c61b50932873093fc2cf52c41
                                                                                                                                                                                                                                                  • Instruction ID: 2ddfb49ca48e74dab883bf03306b5a3523b6295012497e43d2029c9aac877d64
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ec9ababe621cab10462cee4ce080f6e35131d3c61b50932873093fc2cf52c41
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9001B1716811486BCF14EB95C9599FF73A8EB12340B240029E446E3282EA219E0887B2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                    • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 008E1CC8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                  • Opcode ID: 62b155b8003e5ad48a8cc3854285cfaf1f81d0a96b01a8e861f0b7e8458e1153
                                                                                                                                                                                                                                                  • Instruction ID: 084e08f598433b741adbf793194a4223b3584ed5d3bb7ad57f0ac386847e7949
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62b155b8003e5ad48a8cc3854285cfaf1f81d0a96b01a8e861f0b7e8458e1153
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5001677568115967CF14F795CA15EFE77A8FB12344B240015B842F3281EA719F08D772
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD
                                                                                                                                                                                                                                                    • Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA
                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 008E1DD3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                  • Opcode ID: 7216ebca5092e9b88d0ab62b0c4c2776e5ffa9272f9bb4934867bc29a5f21bcb
                                                                                                                                                                                                                                                  • Instruction ID: cf913c62bc446ae230ee11910333e89bda95c426aad491a70ed27694ac8eef73
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7216ebca5092e9b88d0ab62b0c4c2776e5ffa9272f9bb4934867bc29a5f21bcb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EF0A471B412196BDB14F7A9CC5AEFE7768FB02354F180915F862E32C2EA719A088361
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _wcslen
                                                                                                                                                                                                                                                  • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                  • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                  • Opcode ID: 0a99640cdcf05ac8b5cc50a752b0df0b2580b960fd0dafab99f0cef80ebb2b29
                                                                                                                                                                                                                                                  • Instruction ID: b2b56caf45c63fd81483a4e21a25e0c375a968a9798cb4e6a3f65d326e778c8b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a99640cdcf05ac8b5cc50a752b0df0b2580b960fd0dafab99f0cef80ebb2b29
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49E0230160425014D23116BD9CC197FEA8FDFC67707141417F541C11B6D6D49DA153A1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 008E0B23
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                  • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                  • Opcode ID: 0386d6ba1974db518e0cf5a38fa7ad9a44354c094fe18489a642d45b4c9cf581
                                                                                                                                                                                                                                                  • Instruction ID: 129c023964bbc97d466e1c739f84133fdeafa0d8ceb606d3ddd5a499b387fa7a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0386d6ba1974db518e0cf5a38fa7ad9a44354c094fe18489a642d45b4c9cf581
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FE0D87138430827D61436987C03FC97A84EF06F64F100426F788D54C38AD124A046EA
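The records above list their arguments as raw hex (SendMessageW with 0x182 and 0x18B, MessageBoxW with type 0x10) and name each memory-dump region with a dotted field string. The Python below is an added example, not Joe Sandbox's or AutoIt's code, that decodes those lines into the Windows constants an analyst wants: 0x182 is LB_DELETESTRING and 0x18B is LB_GETCOUNT, the list-box message family that pairs with the GetClassNameW subcall and the ListBox/ComboBox strings in those records, and 0x10 is MB_ICONERROR. The .sdmp field layout (base address, protection, region type) is an assumption inferred from the values on this page, not taken from Joe Sandbox documentation; the numeric constants themselves are from winnt.h and winuser.h. The example also triages the IsDebuggerPresent record that follows: the call sits in the ATL CAtlBaseModule constructor's error path (the OutputDebugStringW text names it), which is library boilerplate rather than the sample's own evasion logic, so it is reported as such instead of as an anti-debugging hit; the sandbox's other debugger and timing signatures are separate evidence and are not covered by this check.

```python
"""Added example (not Joe Sandbox's or AutoIt's code): decode the raw
function-record lines from a Joe Sandbox report into Windows constants.

Assumptions: the .sdmp name layout <pid>.<stage>.<id>.<base>.<protect>.<?>.<type>.<idx>
is inferred from the values on this page; all constants are from winnt.h / winuser.h.
"""
import re

# Page protection and region type values (winnt.h).
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# List-box and combo-box messages (winuser.h): the two families a control
# helper picks between after GetClassNameW returns "ListBox" or "ComboBox".
MESSAGE_NAMES = {
    0x0180: "LB_ADDSTRING", 0x0181: "LB_INSERTSTRING", 0x0182: "LB_DELETESTRING",
    0x0184: "LB_RESETCONTENT", 0x0188: "LB_GETCURSEL", 0x0189: "LB_GETTEXT",
    0x018A: "LB_GETTEXTLEN", 0x018B: "LB_GETCOUNT",
    0x0143: "CB_ADDSTRING", 0x0144: "CB_DELETESTRING", 0x0146: "CB_GETCOUNT",
    0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT", 0x014B: "CB_RESETCONTENT",
}
MB_ICONS = {0x10: "MB_ICONERROR", 0x20: "MB_ICONQUESTION",
            0x30: "MB_ICONWARNING", 0x40: "MB_ICONINFORMATION"}
DEBUGGER_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"}

# Assumed field layout of the dump name (see module docstring).
SDMP_RE = re.compile(
    r"(?P<pid>[0-9A-Fa-f]{8})\.(?P<stage>[0-9A-Fa-f]{8})\.(?P<dump>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<flag>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<index>[0-9A-Fa-f]{8})\.sdmp")
# One "APIs" bullet: optional "Part of subcall function X:" prefix, API.MODULE(args), ref.
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)")


def decode_dump_name(name):
    """Return base address, protection and type for one .sdmp name."""
    m = SDMP_RE.search(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    protect, mem_type = int(m["protect"], 16), int(m["type"], 16)
    return {"base": int(m["base"], 16),
            "protect": PAGE_PROTECT.get(protect, f"0x{protect:X}"),
            "type": MEM_TYPE.get(mem_type, f"0x{mem_type:X}"),
            "executable": bool(protect & 0x70)}  # any PAGE_EXECUTE* bit


def _hex_arg(arg):
    """Hex argument to int; '?' (unresolved by the sandbox) becomes None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def decode_api_call(line):
    """Parse one APIs bullet and name the message / icon constant it carries."""
    m = API_RE.search(line)
    if not m:
        raise ValueError(f"not an API record line: {line!r}")
    args = m["args"].split(",") if m["args"] is not None else []
    rec = {"api": m["api"], "module": m["module"], "args": args,
           "ref": m["ref"], "caller": m["caller"]}
    if rec["api"] == "SendMessageW" and len(args) >= 2:      # uMsg is argument 2
        msg = _hex_arg(args[1])
        rec["message"] = MESSAGE_NAMES.get(msg, f"0x{msg:X}" if msg is not None else args[1])
    elif rec["api"] == "MessageBoxW" and len(args) >= 4:     # uType is argument 4
        flags = _hex_arg(args[3])
        rec["icon"] = MB_ICONS.get(flags & 0xF0) if flags is not None else None
    return rec


def classify_debugger_check(records):
    """'none' if no debugger-query API, 'atl-runtime' when the query sits in the
    ATL CAtlBaseModule error path (the OutputDebugString literal names it),
    otherwise 'review' for a human to look at the surrounding code."""
    if not {r["api"] for r in records} & DEBUGGER_APIS:
        return "none"
    for r in records:
        if r["api"].startswith("OutputDebugString") and any("CAtlBaseModule" in a for a in r["args"]):
            return "atl-runtime"
    return "review"


# Constructed sample input: API bullets copied from the records on this page.
LISTBOX_LINES = [
    "• Part of subcall function 00889CB3: _wcslen.LIBCMT ref: 00889CBD",
    "• Part of subcall function 008E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008E3CCA",
    "• SendMessageW.USER32(?,00000182,?,00000000), ref: 008E1CC8",
]
ATL_LINES = [
    "• Part of subcall function 0089F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008A0D71,?,?,?,0088100A), ref: 0089F7CE",
    "• IsDebuggerPresent.KERNEL32(?,?,?,0088100A), ref: 008A0D75",
    "• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0088100A), ref: 008A0D84",
]

if __name__ == "__main__":
    print(decode_dump_name("00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp"))
    for line in LISTBOX_LINES + ATL_LINES:
        print(decode_api_call(line))
    print(classify_debugger_check([decode_api_call(l) for l in ATL_LINES]))
```

Running it against the names on this page shows why the 0x881000 region is the one the IDA plugin disassembled: it is the only one with an executable protection, while 0x91C000 and 0x942000 are read-only and 0x94C000 is read-write, consistent with the .text, .rdata and .data layout of a PE image (type MEM_IMAGE).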
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 0089F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008A0D71,?,?,?,0088100A), ref: 0089F7CE
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,0088100A), ref: 008A0D75
                                                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0088100A), ref: 008A0D84
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008A0D7F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                  • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                  • Opcode ID: cbc9ea3f8d707a8bea0e31b6bc16d40848517788357cc516dfc03a9666061ce4
                                                                                                                                                                                                                                                  • Instruction ID: 858de6bc4cb7886977dec4ff5791ec0c84bc6b742438e308002f65a347aa43e0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbc9ea3f8d707a8bea0e31b6bc16d40848517788357cc516dfc03a9666061ce4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5E039B4300B418BE760AFB9D8083827BE0FB01744F008A2DE496C6A51DBB4E4889F91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 008F302F
                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 008F3044
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                  • String ID: aut
                                                                                                                                                                                                                                                  • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                  • Opcode ID: d956a4f05168da77cbdcea67d25475d8a22ad495ff36b8ba6e3e594c4bf9760c
                                                                                                                                                                                                                                                  • Instruction ID: ad97d7be42f29562091e994c69c245cfcf6b92f68703903489f38d15e4d6ce30
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d956a4f05168da77cbdcea67d25475d8a22ad495ff36b8ba6e3e594c4bf9760c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6D05EF264032877DA20A7A4AC0EFCB3A6CDB05750F4006A1B665E2095DAF0D984CAD0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LocalTime
                                                                                                                                                                                                                                                  • String ID: %.3d$X64
                                                                                                                                                                                                                                                  • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                  • Opcode ID: a285fa56b49a49c273eebbf2952c303f1a63fa50f4c5fe1aaa7ae68eb5c62708
                                                                                                                                                                                                                                                  • Instruction ID: 50175b850b05d8bb2a962eb13cb5a376e2040ad72c5badef5c79e798a2956e84
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a285fa56b49a49c273eebbf2952c303f1a63fa50f4c5fe1aaa7ae68eb5c62708
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FD012A184830CEACF50AAD0DC45CF9B37CFB18345F548553F906D1141E634E508A761
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0091232C
                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0091233F
                                                                                                                                                                                                                                                    • Part of subcall function 008EE97B: Sleep.KERNEL32 ref: 008EE9F3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                  • Opcode ID: 1a6845b75b820609abe2eb995d42eef322d53c38acae3c4f0ca273c43968de70
                                                                                                                                                                                                                                                  • Instruction ID: ecf3705ab176e1a9325e8e1e2305506606482e8d436c182372f6bb97de52c1ad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a6845b75b820609abe2eb995d42eef322d53c38acae3c4f0ca273c43968de70
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26D022B23E8300BBE364B370DC0FFC6BA04AB00B00F0089067705EA0D0C8F0A801CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0091236C
                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000), ref: 00912373
                                                                                                                                                                                                                                                    • Part of subcall function 008EE97B: Sleep.KERNEL32 ref: 008EE9F3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_880000_file.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                  • Opcode ID: effae3d46096d56f0bd0c9c97972cd0d50e6f8654f6d161b96affb1a8b66a0bd
                                                                                                                                                                                                                                                  • Instruction ID: 9dbd0f26a458e77275f534af68bbbc6ec7c26ea8b04cb29d312067ca6aec3128
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: effae3d46096d56f0bd0c9c97972cd0d50e6f8654f6d161b96affb1a8b66a0bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1ED0A9B23D83007AE264B370DC0FFC6AA04AB01B00F0089067601EA0D0C8B0A801CA04
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 008BBE93
• GetLastError.KERNEL32 ref: 008BBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008BBEFC
Memory Dump Source
• Source File: 00000000.00000002.1806850733.0000000000881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
• Associated: 00000000.00000002.1806822949.0000000000880000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.000000000091C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807008469.0000000000942000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807126922.000000000094C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1807151717.0000000000954000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_880000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: a5a1036507b2b00b95470d06a9d8204444a8813a3c09332d7674383fc202e797
• Instruction ID: b2eb8e9834d9273b2aeee89c51580edf7288c80d58b6748a1a9afc6f9018a265
• Opcode Fuzzy Hash: a5a1036507b2b00b95470d06a9d8204444a8813a3c09332d7674383fc202e797
• Instruction Fuzzy Hash: 7441AF34604206ABDB218FA9CC44AFA7BA5FF42720F144169F959DB3A1EFB09D01DB61

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 100%
Total number of Nodes: 6
Total number of Limit Nodes: 0
execution_graph 5005 15da86e9fb7 5006 15da86e9fc7 NtQuerySystemInformation 5005->5006 5007 15da86e9f64 5006->5007 5008 15da87045f2 5009 15da8704649 NtQuerySystemInformation 5008->5009 5010 15da87029c4 5008->5010 5009->5010

Callgraph

APIs
Strings
Memory Dump Source
• Source File: 00000010.00000002.2996715466.0000015DA8702000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000015DA8702000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_15da8702000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID: #$#$#$4$>$>$>$A$z$z
• API String ID: 3562636166-3072146587
• Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction ID: 583897a0b63b2c5e60f76879f3192a033e4c227a5276615c3fe986e9115c61d9
• Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
• Instruction Fuzzy Hash: 2AA3C331618E598BDB3EDF18DC866EA73E5FB98301F14422EDC4AD7255DE34E9028B81